Standard: Email Retention



Similar documents
Standard: and Campus Communication

Standard: Information Security Awareness Training

The Importance of Organizing Your SJSU Information Assets

Standard: Application Service Provider Security Requirements

Standard: Data Center Security

Standard: Information Security Incident Management

Standard: Network Security

Standard: Web Application Development

Standard: Vulnerability Management and Assessment

Standard: Patching and Malicious Code Management

Standard: Event Monitoring

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Standard: Airwave

Andrews University Payment Card Acceptance Policies & Procedures. Prepared by Financial Administration

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

COLORADO COMMUNITY COLLEGE SYSTEM SYSTEM PRESIDENT S PROCEDURE ELECTRONIC COMMUNICATIONS MANAGEMENT AND RETENTION PROCEDURES

About Your Policy Kit

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy

Retention and Archiving

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

CREDIT CARD NUMBER HANDLING PROCEDURES POLICY October

10 Steps to Establishing an Effective Retention Policy

Archiving/Retention Frequently Asked Questions (FAQ)

Electronic Communication In Your Practice. How To Use & Mobile Devices While Maintaining Compliance & Security

Viterbo University Credit Card Processing & Data Security Procedures and Policy

Office of the Chief Information Officer

RUTGERS POLICY. Approval Authority: Executive Vice President for Academic Affairs and Senior Vice President for Administration

SJSU Electronic Data Disposition Standard

Introduction. General Use

Records Retention & E-Discovery. Preserving Electronically Stored Information for Litigation

BusinessMail Cloud Archiving

INFORMATION SECURITY Humboldt State University

1. The records have been created, sent or received in connection with the compilation.

Capstone for Records Management

How much of my Mailbox size have I used?

The Right Choice for Call Recording Call Recording and Regulatory Compliance

Information Security Policy

Page 1 of 15. VISC Third Party Guideline

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

Approved by President Mohammed Qayoumi. Reviews: IT Management Advisory Committee

E-gov Asset Handling and Labelling Guidelines

INFORMATION SECURITY GUIDELINES

Discovery Technology Group

Enterprise Vault.cloud and Office 365 As you move to the cloud, don t forget your archive

HIPAA Privacy Overview

Management: A Guide For Harvard Administrators

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

My Docs Online HIPAA Compliance

The Importance of Privacy & Data Security in a Changing World

WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others


Economic Realities in the Management of Public Records. George Bakolia Senior Deputy State Chief Information Officer November 4, 2011

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

FARMINGTON PUBLIC SCHOOLS 2410

Miami University. Payment Card Data Security Policy

Regulatory Compliance Solutions for Security and Privacy

Issues to Address: The Privacy Concerns of Individuals

SUTLEJ TEXTILES AND INDUSTRIES LIMITED DOCUMENT PRESERVATION AND RETENTION POLICY

FDU - Records Retention policy Final.docx

TERMINAL CONTROL MEASURES

Rules, Policy and Industrial Relations Committee/Committee of the Whole Meeting of September 12, 2008

Index .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY

School District Retention

Departmental Policy Departmental Procedure Instructions/Forms. UCVM DIAGNOSTIC SERVICES UNIT Document Control Procedure

TOWN OF COTTESLOE POLICY MANAGEMENT

Executive Vice President of Finance and

-archiving Defining an policy Planning, policies and product selection CHAPTER 2 archiving

Strategy for Management in Canadian Jurisdictions

THE UNIVERSITY OF THE WEST INDIES Electronic Mail & Messaging Services Policy 1. Introduction

Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S

Successful File Server Auditing: Looking beyond native auditing

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

Data Security in the Insurance Industry: WHAT YOU NEED TO KNOW

MASSIVE NETWORKS Online Backup Compliance Guidelines Sarbanes-Oxley (SOX) SOX Requirements... 2

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Significance of Proficient Event Logs Archiving in prevailing over Compliance Worries Whitepaper

GroupWise vs. Outlook 2010 Comparison

STI GROUP DISCUSSION WRITTEN PROJECT

Data Security Policy

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box Portland, OR Fax

ediscovery Solution for Archiving

Information Security Policy

DRAFT IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) Asset Management Policy #2430

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY

Congregation Identity Theft Education Program

City of Venice Information Technology Usage Policy

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

plantemoran.com What School Personnel Administrators Need to know

Southern Law Center Law Center Policy #IT0004. Title: Policy

Credit Card Processing and Security Policy

ITEM NO: 4. Date: 23 March Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:

HIPAA ephi Security Guidance for Researchers

BusinessMail Cloud Archiving. BusinessMail Archiving

Village of Hastings-on-Hudson Electronic Policy. Internal and External Policies and Procedures

LOUISIANA COMMUNITY & TECHNICAL COLLEGE SYSTEM Policy # Title: USAGE POLICY

Electronic Business Communication and University Records ( , Chat and Text) UW- Madison Employee Guidance to. UW-Madison Record Management

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

Transcription:

Information Security Standards Email Retention Standard IS-ER Effective Date TBD Email security@sjsu.edu # Version 2.0 Contact Mike Cook Phone 408-924-1705 Standard: Email Retention Page 1

Executive Summary The Email Retention Standard defines the requirements for retention of SJSU email, including the deletion and archiving of electronic mail. This standard is intended to help campus employees and students determine what information sent or received via email should be retained and for how long. This standard of due care will help prevent the unauthorized loss of or destruction of sensitive campus information, as well as ensure that the university is compliant with any litigation or ediscovery requirements. Page 2

Revision History Date Action 5/27/2014 Draft sent to Mike 12/1/2014 Reviewed. Content suggestions. Added comments. Hien Huynh Page 3

Table of Contents Executive Summary... 2 Introduction and Purpose... 5 Scope... 5 Standard... 5 Deletion and Archiving of Email... 5 Retention Period for Deletion of Email... 5 Storage of Sensitive Information in Email... 5 Level 1 Health Insurance Portability and Accountability Act (HIPAA) Information Prohibited 5 Level 1 Payment Card Industry (PCI) Information Prohibited... 5 Storing sensitive attachments received through Email... 6 Storing sensitive attachments received through Instant Messaging... 6 Email and Campus Communication... 6 More Information... 6 Page 4

Introduction and Purpose The Email Retention standard defines the requirements for retention of SJSU email, including the deletion and archiving of electronic mail. This standard is intended to help campus employees and students determine what information sent or received via email should be retained and for how long. This standard of due care will help prevent the unauthorized loss of or destruction of sensitive campus information, as well as ensure that the university is compliant with any litigation or ediscovery requirements. Scope This standard applies to all SJSU State, Self-Fund, and Auxiliary ( campus ) email users with a sjsu.edu or mlml.calstate.edu email address. The information covered in this standard includes, but is not limited to information that is either stored or shared via electronic mail or instant messaging technologies. Standard All information stored in electronic mail format shall follow record retention schedules as established by the California State University Chancellor s Office. http://www.calstate.edu/recordsretention/ Email account owners are responsible for monitoring their email for any applicable material and taking the appropriate action to adequately follow the published retention schedules. Email is a communication mechanism and is not to be relied upon for the long-term archival or storage of sensitive university data. Deletion and Archiving of Email Retention Period for Deletion of Email The retention period for electronic mail in your trash can is controlled by the 3 rd party email provider and is subject to change. Messages contained in a trash folder which has been emptied are irretrievable. Storage of Sensitive Information in Email Storing sensitive attachments in SJSU campus email permanently is prohibited. For more information on the types of information that can be transmitted or stored and their respective classification, refer to the Information Classification and Handling Standard [1] and Cheat Sheet: Information Classification and Handling [2]. Level 1 Health Insurance Portability and Accountability Act (HIPAA) Information Prohibited Users are prohibited from transmitting, storing or archiving sensitive HIPAA emails and attachments in any email system. For more information on HIPAA requirements, refer to the SJSU HIPAA Summary [3]. Level 1 Payment Card Industry (PCI) Information Prohibited Users are prohibited from transmitting or storing sensitive PCI data including credit card numbers in any email system. For more information on PCI requirements, refer to the SJSJU PCI Summary [5]. Page 5

Storing sensitive attachments received through Email Users must not use the email system to permanently store or archive any attachments including sensitive Level 1 or Level 2 information. Instead, users should save the sensitive attachments to their hard drive and apply the required encryption application, where applicable, within one month of receiving the sensitive information. Users must regularly move important information from electronic mail message files to word processing documents, databases, and other files on their hard drive. Storing sensitive attachments received through Instant Messaging Users must not use Instant Messaging applications to permanently store sensitive Level 1 or Level 2 information. These attachments should be regularly moved to the hard drive and apply the required encryption application. Email and Campus Communication For more information on the usage of email and other forms of campus communication, refer to the Email and Campus Communication Standard [4]. More Information [1] San Jose State University: Security Standard for Information Classification and Handling [2] San Jose State University: Cheat Sheet: Information Classification and Handling [3] San Jose State University: HIPAA Summary [4] San Jose State University: Email and Campus Communication Standard [5] San Jose State University: PCI Summary Page 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information