Skip to main content
 
Academic Records and Summer School 

 Information Security Plan for Information Systems 

 

SPOTLIGHT

Appendix A
Information Security Plan for Information Systems
Gramm-Leach-Bliley Act (FTC)
Slippery Rock University

Access control:

Student computer records are stored on an IBM mainframe computer and transaction processing is through IBM CICS. This system is password protected. The transactions are grouped and authorized by function such as student accounts, academic records, and financial aid.

The above system uses the SRU network system to communicate between the mainframe system and the staff using 3270 computer emulation on personal computers. This system is protected by a firewall and users must log onto this network before they can use the CICS system.

Physical Security:

Offices are locked when staff members are not present in the office. Student files are stored in a large safe in the Academic Records Office.

Encryption:

The web student registration system uses encryption when communicating with students over the internet.

Change management process:

The computer systems are stored in an editing system that records the changes that are made to computer programs. This system is also used for system documentation and system run instructions. Access to this system is controlled by the network passwords and a password to login to the system.

Dual control:

The organization structure of the administrative offices and the computer system provide segregation of duties. 

Monitoring systems and procedures:

All changes to student records are logged on a logging file and include the transaction information, computer terminal operator, date and time. The logging file is copied each day and is kept indefinitely.

Incident response program:

The transaction log is reviewed any time there is a question on how data on a student's records were changed.

Disaster recovery program:

The computer files are backed up every evening and stored in a fireproof safe on site. Once a week copies of these file are moved to another site. Some of these files are restored weekly to test the validity of the backup tapes.

A new computer system will be installed May 26, 2003. An identical computer system will be installed in another building on campus. Files will be copied to the backup computer on regular schedule.

 

Writing Outcomes for SRU Graduates

Academic Records and Summer School
107 Old Main
Slippery Rock University
Slippery Rock, PA 16057
Phone: (724) 738-2010
Fax: (724) 738-2936
academic.records@sru.edu