- First issued April 19, 2007
- Revised: September 18, 2009
- Last revised: January 23, 2018
- North Carolina Statewide Information Security Manual
- UNC Pembroke POL 08.00.01 – Electronic Information Management and Security Policy
- UNC Pembroke REG 08.00.01 – Acceptable Use Policy
Contact Information: AssociateVice Chancellor for Technology Resources and CIO, (910.775.4340)
1.1 The University of North Carolina at Pembroke (UNCP) recognizes the strategic value of the data it collects and uses. The university also recognizes its responsibility to ensure the appropriate use, security, reliability and integrity of this data; to safeguard it from accidental or unauthorized access, modification, disclosure, use, removal or destruction; and to comply with relevant federal and state legislations.
1.2 This policy will provide the general framework to classify, manage and protect data collected, used or stored by UNCP.
2.1 This policy applies to all data, whether collected, processed or stored in electronic or other forms (hereinafter “University Data”). It applies to all documents, media, records, reports, files, messages, etc.
2.2 This policy does not to apply to creative and / or scholarly works, including software, art, music, etc., that are addressed by the university’s Copyright Policy unless said creative work includes or contains University Data. In the latter case, this policy shall apply to the University Data included or contained within the creative work, but not the remaining portions of the creative work.
2.3 This policy applies to data collected, used, processed or stored by the university under a grant or contractual agreement unless said grant or agreement assigns ownership of the data to an entity other than the university.
2.4 This policy does not apply to data that the university has purchased or leased the right to use, and is owned by a separate entity.
3.1 Protected Data. University Data to which access is limited by federal or state law or regulation, or by university policy.
3.2 Sensitive Data. University Data which is not addressed by federal or state law or regulation, or by other university policy, but which should nevertheless have limited access due to its nature.
3.3 Public Data. University Data that is not classified as protected data or sensitive data. Public data is available in accordance with NCGS §132-1.
4.1 The university shall develop specific safeguards for all protected and sensitive data. The university shall make information about data in these classifications, and the relevant safeguards, available to all university employees, students, vendors, and/or contractors, as necessary.
4.2 The university may develop additional policies to further manage or secure subsets of University Data. In the case of conflicts between this and such additional policies, the most restrictive policy shall apply.
5.1 The chancellor and his or her designees shall be responsible for the implementation of this policy.
5.2 The vice chancellors and other members of the Executive Staff are responsible for the procedures and processes within their respective division or area to comply with this policy’s security directives concerning university data.
5.3 Each member of the campus community, including employees, contractors, and vendors has the responsibility to report to his or her supervisor or to DoIT any attempt to gain unauthorized access to protected or sensitive data.
6. RANGE OF DISCIPLINARY SANCTIONS
6.1 Persons in violation of this policy are subject to a full range of sanctions, including, but not limited to, disciplinary action or dismissal from UNCP. Any sanctions against employees will be imposed through procedures consistent with any applicable state regulations. Some violations may constitute criminal or civil offenses, as defined by local, state and federal laws, and the university may prosecute any such violations to the full extent of the law.