Body
Purpose
- Provide a procedure for departments to access departmental data stored on workstations used by employees who are leaving the department.
- Provide a procedure by which new employees are provided with a properly updated and secured computer free from someone else’s customizations, personal software and personal data.
- Decrease the number of Service Tickets entered to recover departmental data from computers formerly used by separated departmental employees after the employee has left.
Guideline
- All departmental data should be backed up regularly, regardless of its location.
- Departmental data should not be stored on individual departmental workstations. Whenever possible, data should be stored in a secure location (e.g., departmental server, Network Attached Storage device) where:
- data access is controlled and logged
- data are automatically backed up on an appropriate schedule.
According to the University Disk Sanitizing Policy, all vacated computers shall be re-imaged before they can be used by another person.
Procedures
When an employee is scheduled to leave the department, the employee’s department shall:
- Obtain all required departmental data from that employee before the employee departs.
- Enter a Service Request to have the employee’s workstation reimaged before it is used by anyone else.
If a department fails to follow the Disk Sanitizing Policy and departmental data must be recovered from a vacated workstation:
- A Service Request shall be opened by the Departmental Chair of the department requesting the data recovery.
- The ITCS representative shall remove the former user’s data (except the .pst file) from default data locations on the workstation.
- The .pst file is considered part of the former employee’s email. It shall not be opened or provided to anyone without the personal approval of the Chancellor.
- If saved email contained in the .pst file is required, the file shall be opened and searched according to the procedures established by IT Security, the University Attorney, and the Office of the Internal Auditor after the Chancellor has granted permission.
- ITCS or its representatives shall not be responsible for locating data stored in non-default locations or using non-default file extensions.
- The recovered data shall be moved to the workstation used by the Departmental Chair, who shall be responsible for the appropriate distribution of the data.
- The Departmental Chair shall be provided with a copy of the Disk Sanitizing Policy.
- The vacated workstation shall be re-imaged as soon as the former employee’s data has been copied