Return to: U of M Home |
|
myU | One Stop | Directories | Search U of M |
|
|
|
|
|
|
|||||||
|
|
|
|
STANDARDS & GUIDELINES GUIDELINE—Critical Server Identification (Appendix O)Responsible Office: Office of Information Technology GUIDELINE IntroductionIdentifying critical servers is an important part of the University's ongoing risk management and operational improvement initiatives, and is also related to our compliance obligations. OIT Security will work with departments to provide routine vulnerability scans and on a priority basis will consult with your technology staff to further improve security measures. It is important that computer and data owners identify and report critical servers to the OIT Security. If in doubt, include the server. For this purpose, a server is a multi-user computer, which provides some service for other computers connected to it via a network. The most common examples are departmental/collegiate file servers, web servers, mail servers, and database servers. A "critical" server is important to accomplishing the University/collegiate unit/business unit mission or which stores legally protected or other important non-public data. Note: Servers that store legally protected data are required to be identified to OIT Security by following the implementation steps below. Critical servers meet at least one of the following criteria: A. Data Criteria:
B. Level of impact if server unavailable:
C. Other Criteria:
To learn more about nonpublic data or data legally protected by HIPAA Privacy or legally protected Student data, see http://www.umn.edu /oit/security/moreinfo.html ImplementationTo assist with collecting information on critical servers, complete one of the following:
Additional background information and instructions are available for completing the form. Send completed forms and spreadsheets to: OIT Security & Assurance Questions, send e-mail to oit.security@umn.edu Resources and Links
|
|
||||
|
