Purpose

The guidelines are intended to establish the requirements for the application of encryption to data and equipment as a means of protecting the confidentiality, integrity and availability of the University’s information assets.

Scope

These guidelines apply to all devices, physical or virtual where university data is classified as confidential or highly sensitive.

General Guidelines

University classified information shall normally be created and stored within a University managed secured system, as per the University’s Storage Guidelines. However, when University classified information is transmitted outside such a secure system, it shall be encrypted in transit. Encryption in transit may include encrypting a file sent via email, encrypting a portable hard disk being used to transfer data or the use of encrypted transmission protocols such as SSL.

The individual handling University Information takes full responsibility for the application of the required security controls and for ensuring that the information is secure throughout its lifecycle, which will include ensuring the device is securely wiped of sensitive Information before disposal.

Requirements

Transmission

In order to protect the confidentiality and integrity of the University's sensitive data; any data classified as confidential data, and having a required need for confidentiality and/or integrity, shall be transmitted via encrypted communication to ensure that it is protected and does not traverse communication channels in clear text. Refer to University Data Classification Guidelines for further clarification on the classification of university data.

Storage

In order to protect the confidentiality and integrity of university assets all instances of data must comply with the University Storage Guidelines.

Contact the Information Services Faculty and Staff Helpdesk for support with email and device encryption protocols.