Policies & Procedures
To protect SIPA's resources and SIPA IT clients--due care is taken in giving privileges to users, processes, and devices. Information security is of paramount importance. This document sets guidelines for authorizing the granting, revocation, and use of privileges.
Access to the computing and network environment is to be used in effective, ethical, and lawful ways that support the values of the School and the functions of its component units. SIPA IT endeavors to create an atmosphere that balances respect for individual computer users and the School's resources in a manner that yields the greatest benefit for all users while maintaining ethical standards for the Columbia University community.
SIPA IT's technical support policy sets forth the severity-dependent service levels the desktop support team uses in responding to submitted support requests. It sets forth the operational procedures designed to ensure continued excellent service for SIPA IT's desktop support clients.
Business units outside SIPA IT's core customer group may utilize our services, as well for fees detailed on the Rate Card. Faculty with research or setup accounts are subject to a service charge.
This document sets forth the school's policy on acquisition, use, and management of software. Access to the computing and network environment is to be used in an effective, ethical, and lawful ways that support the values of SIPA and the functions of its component units. One aspect of establishing such an environment is the management of software assets to derive maximum benefit for the organization and its computing community.
SIPA IT outlines in this policy its technical support process, request submission mechanisms, definitions for determining the priority or a request with respect to the severity of its actual or potential impact, and targets service levels for acknowledgement, assessment, and resolution of requests.
The School of International and Public Affairs Information Technology (SIPAIT) office maintains policies about the use and security of its system in the interests of protecting users and ensuring reliability of mission-critical systems. These policies supplement the university (CUIT) security policies. All users are expected to be familiar with and adhere to these policies. These policies can be found at:
SIPAIT policies: http://sipa.columbia.edu/sipait/policies-procedures
CUIT policies: http://cuit.columbia.edu/cuit/it-policies
CUIT Information Security Charter: http://policylibrary.columbia.edu/information-security-charter
Security Compliance at CU:
During the course of the year, you will be asked to confirm compliance with the University policies on sensitive user data stored on computers. This includes Social Security Number, Date of Birth, Visa and Passport numbers, and Credit Card information. This requires ongoing vigilance for data stored on computers, including the network drives. These policies also apply to all removable media and printed material. The CU policies on sensitive data can be viewed at: http://policylibrary.columbia.edu/data-classification-policy (data classification can be found in the Appendices);
User Responsibility and Remediation:
For users on the SIPA network, SIPA IT will periodically scan their computer systems, and network drives. SIPAIT will then contact you if any data needs attention. Users administering their own system will be asked to verify that they are in compliance with University policies.
Below is a summary of steps to take if you find yourself dealing with sensitive data.
• Remove any sensitive data from files you wish to retain, if possible.
• Delete all files that are not needed.
• Empty the trash.
• Identify any files/folders that you need to retain with sensitive data. Contact SIPA IT to plan for encrypting data in accordance with University policy.
• Provide written justification for keeping any sensitive data which you have identified. Fill out appropriate forms (available from SIPAIT) for submission to the University.
All precautions must be taken to secure these materials. If you are responsible for student and temp staff working in your office, please advise them of the University policy on sensitive data. Penalty for non-compliance is high for SIPA and CU. Your help in making SIPA compliant is greatly appreciated.
If you have any questions, please feel free to contact email@example.com.
Columbia is committed to promoting the safety and security of all students, faculty and staff. As an employee of the University, it is your responsibility to protect sensitive or confidential University information, defined by the University’s Data Classification Policy at http://policylibrary.columbia.edu/data-classification-policy.
What You Need to Know
To help protect our users from the unsecured sharing of sensitive information and to ensure compliance with the University’s policy for encrypting sensitive data, SIPAMAIL on Microsoft Online Exchange will automatically filter and block emails or attachments that may contain non-encrypted sensitive data. These policies are in effect as of October 12, 2014.
Similar to filtering email for spam, the automated system will filter emails for the presence of patterns that resemble SSNs, credit card numbers, banking information and driver’s license number. If such a pattern is detected, the email will be automatically blocked and the system will send out a confidential email notice to the sender. All users are advised to encrypt any sensitive data before sending it as an email attachment.
For further questions, please feel free to contact Noel Vargas or Harpreet Mahajan. For assistance with encryption, please send an email to firstname.lastname@example.org.
Tools for Encryption
Note: Sensitive data should only be sent via email if absolutely necessary. In such instances, please encrypt the data and send it as an attachment. The password to open the file should be sent separately.
Given below is a list of programs that can be used to encrypt files before they are sent as an attachment in an email.
Encrypt Office documents, workbooks and presentations in Office 2013: see instructions.
WINZIP Pro: Software for Windows and Macs that will Zip and UnZip files. See Securely Encrypt Files with WinZip at http://cuit.columbia.edu/securely-encrypt-files-winzip.
For more updates, visit Encryption Tools
Our server backup policy reflects SIPA IT's commitment to safeguarding the information assets of SIPA IT Computing and maintaining a highly available and secured systems.
SIPA IT team members have certain privileges and powers. With these privileges come responsibilities, and the Code of Conduct for SIPA IT team members describes these responsibilities and the rights associated with managing the school’s computing resources.
All users are subject to the Columbia University policies. Please familiarize yourself with policies especially thiose that govern Email, Network use, data security and compliance. SIPA IT policies observe and supplement CUIT policies, as needed.
Users are responsible for familiarizing themselves with the University compliance policy on sensitive user data stored on computer(s). This includes Social Security Number, Date of Birth and Credit Card and Passport information. No personal data should be stored on any Columbia University purchased equipment. Users should periodically review data on their desktop/laptop(s)/network drives and confirm compliance with the university policy. This requires ongoing vigilance by each user for their and any shared data.
Users can take the following steps to be in compliance.
Remove any sensitive data for files you wish to retain, if possible.
Delete all other files identified in the report that are not needed.
Empty the Recycle Bin or trash.
Identify any files/folders that you need to retain with sensitive data. Provide written justification for keeping any sensitive data. SIPAIT can provide you with appropriate templates/forms to be filled, which will be submitted to the University.
Please remember that personal work, including tax returns, should not be saved on the SIPA network. It may be removed without warning.
Please remember that these policies apply to all removable media (such as USB flash drive, external drive, CDs and DVDs) and printed material. All precautions must be taken to secure these materials. If you have students working for you, please advise them of the policy. Penalty for non-compliance is high for SIPA and CU. Your help in making SIPA compliant would be greatly appreciated.
Columbia University policies are available at:
http://policylibrary.columbia.edu/data-classification-policy (Examples of sensitive data can be found in Appendices);
SIPAIT provides services that supplement CUIT services for students, staff and faculty.CUIT issues each user a UNI Email address.
Students; Each registered and domestic dual degree student is issued a network ID for access to applications and data on the Citrix Network for the duration of a term.Student Support team provides support for software realted issues on student laptops (English OS only). They also have access to the SIPA student labs.
Staff: Each staff member is issued a SIPA network ID for office work. Regular staff also are issued a Office 365 Exchange account for email for their official work and a UNI@sipa.columbia.edu email address. Equipment is determined by SIPAIT, purchased, configured and setup fr each office. Equipment may be encrypted as deetermined by SIPAIT and to meet CU University policies.Mobile devices may be requested by supervisors.
Faculty: SIPAIT works with full-time faculty to facilitate purchase of equipment and configuration, as needed. There are rooms setup with equipment for the Adjunct faculty, who are issued a network ID for the duration of their hire.
Users are responsible for ensuring that work related data is made available to be transferred for the successor. This includes documents on the local system (desktop or laptop), network drive, shared network drive, and emails related to work/projects. Users are responsible for removing any personal data on the last date of their employment. Managing personal data files and emails is user responsibility. The user can consult with SIPA IT and request assistance to facilitate transition.
The network login ID, Email at SIPA and any related access will be terminated at the end of the user’s last day of employment at SIPA. While respecting privacy of the user, in circumstances where the user has not made the data available before leaving, the General Counsel (GC) may authorize reading of the data. Please refer to http://policylibrary.columbia.edu/email-usage-policy-1 for situations where the data may be accessed.
Return of SIPAIT Property:
If the user has received any of the following from SIPAIT, these must be returned before leaving SIPA.
USB flash drive with SIPA data
If there are any questions, the user may contact email@example.com for assistance.
SIPAIT Business Continuity Plan (Authentication required)