Social Security Numbers – Do’s and Don’ts

-
SSN are classified as High Risk Confidential Information. If you access SSN, you are required to protect it by following these precautions:


  1. Your MyNaz password is highly confidential and should never be used for any other Web site, applica-tion or cloud/web-based service.
  2. Never ask for SSN, unless you have permission to do so.
  3. Files containing SSN should ALWAYS be password protected and encrypted, when stored outside a Nazareth administered systems (such as Colleague, PowerFAIDS, etc.). Papers with SSN must be stored in locked cabinets in a secure location.
  4. SSN should NEVER be stored on portable devices such as laptops, or USB sticks.
  5. SSN must ALWAYS be encrypted when transmitted over email.
  6. SSN must not be disclosed to external parties, without explicit permission.
  7. SSN stored outside of administrative systems must have clear retention and disposal procedures.
  8. All electronic and physical SSN must be securely erased and destroyed after use.
  9. Avoid faxing or printing SSN.
  10. Unauthorized disclosure or loss must be reported immediately.

Popular posts from this blog

What is High Risk Confidential Information?

-
All of us are knowledge workers, with access to the College’s varied data and information. Part of our ongoing responsi-bility is data stewardship, which involves the inter-dependent concerns of Confidentiality, Integrity and Access. Confi-dentiality procedures and practices are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can get it. The College’s Information Security Policy ( https://www2.naz.edu/its/security-privacy-policies/policies/ ) classifies data into one of three levels based on its sensitivity: High Risk Confidential Information (HRCI), Confidential Information and Enterprise Data. HRCI data is highly sensitive and requires strong privacy and security safeguards due to federal and state laws and Col-lege regulations. It should not be collected or used unless absolutely required for your business function. HRCI data is intended for individual, legitimate use to support specific business processes. The ri...
Read more

Using Savedlists in a Colleague Screen

-
Do you ever have a savedlist of students that you want to process or view through a Colleague screen? For example, what if you had a savedlist of students and you wanted to check their zip code information, on NAE. In-stead of typing them one by one, you can activate the savedlist and process them that way. Here’s how: Let’s say your savedlist is called “ALL.MISSING” and it has 10 records in it. Open up the NAE screen as usual. Now you’re prompted for “Person Lookup”. Type “@SELECT” You’ve been taken to the PSC (Primary Selection Criteria) screen. Next to the prompt “Saved List Name”, enter “ALL.MISSING” (or whatever your savedlist is called) and update out of PSC.*** Next, you’ll get a confirmation message, in this case “10 records selected” Hit OK and update. You’re back at the NAE screen with the prompt “Person Lookup”. Type “@@” NAE will open the first student from your savedlist. When you are done with this student, update (or cancel) and then type “@@” to get the next...
Read more

Fix it, fix it, fix it – Important information when reporting a problem

-
Something not working quite right with your software system? The best way to notify the ITS Applications Team is by submitting a ticket via our online ticketing system. Detailed directions can be found at https://www2.naz.edu/its/report-problem or submit a ticket directly at http://usl (Note: http://usl only works on campus or when connected to VPN off campus) Problems with Colleague, Powerfaids, OnBase, Informer, Starfish, ReportExec and other apps should be directed to the “Apps Team” queue. Problems accessing S: drive folders, printers, VPN, filezilla, etc, should be directed to the TMSD team. Emails or phone calls to an individual App Team member can sit for some time if the person is out of the office or busy all day in meetings. However, the ticket queue is monitored all day. Incoming tickets are routed appropriate-ly, based on subject area, priority and available resources. Someone will see your ticket right away. All of the tickets will initially be re-assigned to you...
Read more