The goal of Dartmouth's Information Security Policy is to protect the institution's confidential information. Faculty and staff have key roles in safeguarding critical information by implementing information security policies, standards, and controls. To this end, Dartmouth has adopted a comprehensive security policy for the processing, sharing, and storage of information, including electronic, paper, and other media. This policy is embodied in Dartmouth's Information Security Objectives, a matrix of risk-based security controls.
All Dartmouth offices and employees (faculty and staff) must comply with institutional information security policy, and apply the standards and controls that are applicable to the Dartmouth information they manage and use. Students, alumni, and others who have access to Dartmouth confidential information must also comply with this policy. Applicability is determined by the nature of the information, the risks of unauthorized disclosure or corruption of the information, and relevant regulatory requirements. Personally owned information is not subject to this policy.
Most of the security controls are already in place, or easily implemented. However, in certain circumstances, some security requirements may be difficult to configure, and the Chief Information Security Officer (CISO) will work with concerned parties to implement the security controls within a two-year period (by July 1, 2014). Waivers from compliance with certain security controls may be requested via application to DISC (the Dartmouth Information Security Committee) through the CISO. All new IT systems must comply with the security policy and meet its standards and controls upon implementation.
Information Security Representatives should use information security control objectives for ISRs.
IT Staff should use security control objectives (Excel).
Students, faculty, and staff should review security guides.
Vendor Self-Assessment Checklist (Excel)
Last Updated: 9/24/14