Please review these helpful guidelines and best practices for administering a departmental Piratedrive folder.
Required responsibilities
Each department’s Piratedrive folder should have a primary administrator and a backup administrator.
Piratedrive administrators are required to:
- Plan the folder structure
- Maintain documentation of folder administration
- Grant and remove user access on as-needed basis. Choose level of access for users (only administrators should have full control)
- Review and modify user access on as-needed basis (at least twice annually)
- Obtain ITPC approval to store Social Security Numbers
- Obtain IT Security approval of HIPAA data storage measures
- Protect sensitive data
- Notify ITCS if your role changes and you are no longer a folder administrator
Review folder security
Remove a user’s access as soon as the user retires, resigns, transfers, is terminated or no longer requires access.
Review folder security twice annually. For auditing purposes, IT Security provides an Excel spreadsheet of folder permissions every six months. Review the permissions, make any necessary security changes, and document when the review/changes occurred. It may also be helpful to document permissions for any folders where non-departmental users have access. Download the Security Review Log template from the Piratedrive Support service request.
Limit user access
Consider a user’s role and grant the LEAST level of access required-not everyone needs access to everything!
- Consider creating a folder for each user to store his/her own documents
- Reserve some subfolders for specific types of data and only grant access to authorized users. Data such as SSN and HIPAA should be limited to specific users
- When adding user permissions, grant the user the least amount of access needed. ITCS recommends two basic permissions types:
- Read-only: This allows the user to open files, save them locally, but not make any changes.
- Modify: This allows the user full read/write access
- Full Control permissions are for the folder administrator/backup administrator. Avoid giving this access to others as it allows them to change permissions. Do not remove permissions for INTRA\domain admins or PIRATEDRIVE\administrators. These accounts are required.
- Be cautious if adding permissions for Everyone, Domain Users or Authenticated Users, as this allows anyone at ECU access to your data. It is a security violation to allow unauthorized persons access to your data.
Find help and resources
- For more information on IT Security best practices, resources, and compliance, visit the ECU IT Security website.
- Information on HIPAA privacy and security can be found at HIPAA page.
- Folder administrators can always contact the IT Service Desk 328-9866 | 800.340.7081 for assistance.