Appendix A
Information Security Plan for Information Systems
Gramm-Leach-Bliley Act (FTC)
Slippery Rock University
Access control:
Student computer records are stored on an IBM mainframe computer and transaction processing is through IBM CICS. This system is password protected. The transactions are grouped and authorized by function such as student accounts, academic records, and financial aid.
The above system uses the SRU network system to communicate between the mainframe system and the staff using 3270 computer emulation on personal computers. This system is protected by a firewall and users must log onto this network before they can use the CICS system.
Physical Security:
Offices are locked when staff members are not present in the office. Student files are stored in a large safe in the Academic Records Office.
Encryption:
The web student registration system uses encryption when communicating with students over the internet.
Change management process:
The computer systems are stored in an editing system that records the changes that are made to computer programs. This system is also used for system documentation and system run instructions. Access to this system is controlled by the network passwords and a password to log in to the system.
Dual control:
The organization structure of the administrative offices and the computer system provide segregation of duties.
Monitoring systems and procedures:
All changes to student records are logged on a logging file and include the transaction information, computer terminal operator, date and time. The logging file is copied each day and is kept indefinitely.
Incident response program:
The transaction log is reviewed any time there is a question on how data on a student's records were changed.
Disaster recovery program:
The computer files are backed up every evening and stored in a fireproof safe on site. Once a week, copies of these files are moved to another site. Some of these files are restored weekly to test the validity of the backup tapes.
A new computer system will be installed May 26, 2003. An identical computer system will be installed in another building on campus. Files will be copied to the backup computer on a regular schedule.