Principle 8 - Data Security and confidentiality.
University administrative data must be safe from harm And when confidential,
accessible only to those with a "need to know."
Because compromised or lost information can detract from the University's ability
to accomplish its mission, the University's information assets must be preserved.
In addition, the University has an obligation to satisfy the legal and ethical
rights to privacy of individuals and organizational units.
- Policies, standards and plans will create classifications of data which
will establish levels of acceptable risk, encryption, access, etc.
- Information technology must support flexible security rules to control access
to data yet accommodate change.
- The University needs to included disaster prevention and recovery in its
business continuity plans to protect its administrative data from harm.
Information Systems and Computing, University of Pennsylvania