1 / 5

Berkeley Data Authorization Process

Berkeley Data Authorization Process. MATCHING DATA with IT SERVICES. CISPC, April 19, 2012 Lisa Ho, IT Policy Manager, Berkeley Privacy & Policy Office. Berkeley Data Authorization Process. The Questions. What is restricted and notice - triggering data?

brone
Download Presentation

Berkeley Data Authorization Process

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Berkeley Data Authorization Process MATCHING DATA with IT SERVICES CISPC, April 19, 2012 Lisa Ho, IT Policy Manager, Berkeley Privacy & Policy Office

  2. Berkeley Data Authorization Process The Questions What is restricted and notice-triggering data? From Resource Proprietors (functional owners):  What service providers (on or off-campus) are appropriate for my data/system? From Resource Custodians who provide/manage IT services:  What kind of data is under my custodianship What security controls are required? Can I host restricted/notice-triggering data? From End Users: Where can I store my restricted data?

  3. Berkeley Data Authorization Process The Answers • Classify campus data  • Definitions and process • Secure campus data • Authorize data use • Approve services (on and off campus) for a data class • Develop an information bank • Publish approved services • Reduce duplication of work • Respond to the Business Finance Bulletin IS-2 • Classify, inventory, and define appropriate security controls for institutional data

  4. Berkeley Data Authorization Process What is the process? A: General System Inventory B: Protected Data Screen C: Data Privacy Questionnaire D: Privacy Impact Assessment E: Data Classification F: Baseline Risk Questionnaire G: Information Risk Assessment H: Resource Proprietor Approval A: General System Inventory B: Protected Data? Yes More Review No H: Resource Proprietor Approval Data Authorization Issued https://security.berkeley.edu/content/data-authorization-process-draft

  5. High-level Rollout Plan • Pilot • Off-site hosting • Systems in the spotlight • Expand to other systems • Eventually align with campus OE initiatives Berkeley Data Authorization Process

More Related