Protecting Sensitive/Confidential University Data and Limiting Access
All customers should be aware of ISC's Terms of Service for web hosting, including customers' responsibilities for securing data. For customers with web sites and applications that house sensitive or confidential University data, or who require encryption, ISC can offer the following options. Customers are responsible for requesting/opting-in to these services:
- SSL Encryption: Encrypted versions of websites and web applications on ISC's secure SSL server are available at no extra charge.
- Critical Components Registry: Any web sites or platforms that house sensitive University data must be registered with ISC as Critical Components. This will result in regular platform vulnerability scanning by ISC Information Security.
In addition, customers may opt to secure pages on www.upenn.edu using:
- Web passwords
- Domain or IP address restriction
More information about securing pages may be found at:
Securing Access to Web Pages Using Passwords, IP Addresses, or PennKey
Securing Web Applications and Sites FAQ
All customers should regularly access daily activity logs and weekly summary reports. It is the customers' responsibility to monitor these reports for problems or suspicious activity.
More Information about Provider Reports
Information Security Best Practices and University Computing Policies
Security Best Practices for Applications with Confidential University Data
University Computing Security Policy
University Policies Governing the Appropriate Use of Electronic Resources and the Handling of Confidential Data
ISC Guide to Basic Password Selection Rules
Critical Components Registry