Standard for Handling Institutional Information
Introduction
Information can exist in many forms, both electronic (e.g., computer hard drives and any removable and/or transportable digital memory medium, such as magnetic tape or disk, optical disc, “flash” drive, or digital memory card) and non-electronic (e.g., paper, microfilm, microfiche).
The Protection Level at which Institutional Information is Classified determines, along with any applicable laws and regulations, the rules for handling that information.
“Handling” information refers to any action related to acquiring, storing, using, transmitting, archiving, deleting, or destroying information.
Definitions
Special terms used in this document will be Capitalized and underlined, signifying that they have special meaning. A comprehensive glossary of terms, with examples, can be found at ispo.newschool.edu/glossary.
Purpose
This standard defines the minimum requirements for handling Institutional Information in any format. Individual offices and departments of the university may establish more stringent information handling procedures that augment these minimum requirements when appropriate. Users of Institutional Information are urged to contact the relevant Data Owner or the Information Security and Privacy Office for guidance in cases that present handling questions or security concerns.
Scope
This standard applies to all university Institutional Information and IT Resources, irrespective of whether they are maintained by The New School or a third party on the university’s behalf or whether they are accessed from on-campus or off-campus locations, and to any individual who accesses or in any way makes use of them, regardless of affiliation. This includes, but is not limited to, Workforce Members, students, and alumni.
Requirements
This standard defines the techniques and tools that should be used when:
- Handling printed documents (including printing, storing, duplicating, mailing, and faxing)
- Handling electronically stored information (including storage on internal servers, use of external cloud storage and collaboration services, storage on removable/transportable media, and storage on mobile devices)
- Handling electronically transmitted information (including electronic mail, file transfer, web services, and collection of information via web forms)
- Handling regulated information (including Education Records, Cardholder Data, Personal Financial Information, Protected Health Information, and Controlled Unclassified Information)
Detailed Requirements
- Disclosing Information to Third Parties
- Handling Printed Documents
- Handling Electronically Stored Information
- Handling Electronically Transmitted Information
- Special Requirements for Regulated Information
- Special Handling Instructions
References
Review
This standard is reviewed on a periodic basis and updated as necessary by the Information Security and Privacy Office to ensure it remains accurate, relevant, and fit for purpose.