Information

Information Access & Protection Standard

Information Access & Protection Standard

The Information Access & Protection (IAP) Standard provides requirements for the proper handling of information at RIT.

Information Classifications

The standard classifies information into four categories: Private, Confidential, Internal, and Public.

Private information

Private information is information that is confidential and which could be used for identity theft. Private information also has additional requirements associated with its protection (e.g., state and federal mandates). Examples include:

  • Social Security Numbers (SSNs), Individual Taxpayer Identification Numbers (ITINs), or other national identification numbers
  • Driver’s license numbers
  • Financial account information (bank account numbers, checks, credit or debit card numbers), etc.

Confidential... ...

Private Information Management Initiative (PIMI) FAQ

Jump to:

General

Responsibilities

Scanning/Results

Non-Windows

Questions


General

What is the Private Information Management Initiative?

The Private Information Management Initiative (PIMI) is a program where RIT Information Technology Services helps RIT faculty and staff scan their computers and attached drives to determine if they contain private information (PI). When PI is found, each RIT faculty and staff member is responsible for remediating the private information by redacting or shredding the files.

The program also includes destruction of paper files containing nonessential PI.

The goals of the program are to identify and reduce the... ...

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongly discourage placing Private Information on portable media.

 

Approved Portable Media 

When handling RIT Private or Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security... ...

Media Disposal Recommendations

Media Disposal Recommendations

... ...
Media Disposal Method

Paper

Use a shredder. Crosscut is preferred over a strip shredder. 

Disposal of paper records containing Private or Confidential  information should be accomplished by crosscut (or better) shredding, placement in a locked document destruction bin, or through vendor-supplied services under a contract approved by RIT Procurement Services.

CD, DVD, diskette, etc.

Use the media shredder (located at the ITS Service Desk, 7B-1113).

Hard Drives

If the hard drive is to

Contact Us

RIT Information Security Office

Location
Information Security Office
Ross Building 10-A201

Mailing Address
Rochester Institute of Technology
151 Lomb Memorial Drive
Ross Building 10-A201
Rochester, NY 14623-5608

E-mail infosec@rit.edu
Phone  (585) 475-4123
Fax (585) 475-7920


Staff Directory

... ...
Name   E-mail Contact
Aldwin Maloto
Information Security Officer
abmiso@rit.edu Phone: (585) 475-6972
Office: ROS 10-A204
Jim Moore
Senior Information Security Forensic Investigator