Information Technology Division
202 Huston Hall
Cheney, WA 99004
phone: 509.359.2247
fax: 509.359.6847

Policies & Guidelines

Data Classification

The following definitions shall be used to classify data for security purposes:

Normal: The least restrictive class of data. Although it must be protected from unauthorized disclosure and/or modification, it is often public information or subject to disclosure as a public record. Examples of this class of data are: class schedules, course catalogs, general ledger data, and employee demographic statistics.

Sensitive: This class includes data for which specific protections are required by law or for which agencies are obligated to prevent identity theft or similar crimes or abuses. Examples of this class of data are: peoples' names in combination with any of the following: driver's license numbers, birth date, EWU ID number (EWUID), address, e-mail addresses, and telephone numbers. Also included are: agency source code or object code, agency security data, education records including papers, grades, and test results, or information identifiable to an individual that relates to any of these types of information.

Confidential: This class includes those data elements that are either passwords in the traditional sense or function in the role of an access control such as a credit card number, expiration date, PIN, and card security code. All data classified as Confidential shall be encrypted in storage and in transit. Access to these elements are tightly controlled and audited. Examples of these data are: Social Security Numbers (SSN), credit card numbers, expiration dates, PINs, and card security codes, financial profiles, bank routing numbers, medical data, law enforcement records.

Acceptable Use

EWU policy 240-040 - Information Policies and Procedures
The purpose of this section is to provide guidelines for the responsible use of computing, networking and electronic message systems at the university. It is intended to augment existing laws and policies on this issue. Use of EWU computer resources is governed by this policy, the governor's policy on electronic message systems, and applicable state and federal laws.

EWU policy 203-01 - Information Security
This policy addresses acceptable use of institutional data and information systems.

EWU policy 203-02 - Copyright Infringement
This policy prescribes standards for informing university members of copyright infringement issues and for managing possible violations of related policy or federal law. The policy applies to all users and subscribers of computing networks and equipment owned or operated by Eastern Washington University.

Additional AUP/TOS/TOU exist on a per service basis.

Firewall Management

In Development/Review

Patch Policy

In Development/Review

Incident Response

In Development/Review

Sensitive Data Usage

In Development/Review

Vulnerability Management

In Development/Review

Standard Configuration Guidelines

In Development/Review

Password and Authentication

In Development/Review

Information Retention

In Development/Review

Remote Access

In Development/Review

Technology Service Provider

In Development/Review
© 2014 Eastern Washington University