All systems connected to the university network are expected to comply with information security policies and standards that reduce the university’s information security risk. In the event that a system is deficient in one or more standardized controls, the system could become compromised and jeopardize university function. The centralization effort addresses these deficiencies by optimizing investments in technologies that allow systems to be hosted in a centralized controlled environment designed to decrease exposure related to possible loss or exposure of data used in research, teaching and other CWRU-related activities. In recognition that there may be cases where compliance with information security policies or the goals related to server centralization cannot be achieved, an exception must be approved and documented using this process:
- A faculty member, in collaboration with UTech staff, completes an exception form and obtains all required signatures.
- UTech staff will gather any additional information that is required and forward the request to the UTech Information Security Office (ISO).
- UTech ISO will approve or deny the request for an exception and notify the faculty member of the decision with an explanation for the basis of the decision.
- Approval may be contingent upon meeting specific requirements not documented in the request form. If this is the case, the faculty member and the relevant Dean of the School or College must sign an update request form provided with the notification of decision.
- A faculty member may appeal a denial by submitting additional information or requesting a meeting for discussion. Information gathered during the appeal process will be taken into consideration regarding the decision. The faculty member will be notified of the decision and it will be considered final.
- All requests for exceptions will be documented and retained by UTech ISO. Copies will be returned to the faculty member upon request.
- Unless otherwise specified, exceptions will be valid for one year.
- At the time of renewal, the ISO will ask the faculty member to reaffirm the original request.
- If conditions have substantially changed, a new request for exception must be submitted.