Information Technology

Sensitive Data Inventory Procedures

This procedures document outlines how Information Technology will perform the Annual Sensitive Data Inventory and how that inventory is used to secure campus information assets.

Comments or feedback on these procedures should be directed to The Office of the Chief Information Officer at (831) 582-4700.

Scope

This procedure applies to all CSUMB departments.

Annual Sensitive Data Inventory

Each year (as required by CSU Policy) CSUMB will perform a Sensitive Data Inventory to determine those departments and locations where Level 1 and Level 2 information assets are stored. This inventory will encompass both physical and electronic records.

Inventory Results

The results of the annual inventory will be coordinated by the Office of the CIO and used to determine what measures may be necessary to ensure the security of sensitive data across the campus. The Director of IT Compliance and Planning will meet with the head of each department identified as storing sensitive data to assess how to secure those information assets. These measures may include (but are not limited to):

  • Physical security for printed materials
  • Disk encryption for electronic materials
  • Removal of data from workstations, laptops, or other electronic devices
  • Destruction of records according to CSU Records Retention Schedules
  • Installation of Identity Finder

Periodic Review

The University Chief Information Officer/Information Security Officer shall conduct an annual review of the Sensitive Data Inventory Procedures to ensure that it remains appropriate and relevant.

Last reviewed/updated

06/21/2019 by Chip Lenno, CIO/ISO