Who We Are
News & Stories
May 25, 2023
May 18, 2023
June 24, 2023
June 29, 2023
August 20, 2023
University Wide Events
No Communication Compromises
Areas of Study
Changing the world
Community & Innovation
Research Experiences & Services
Our Global Presence
Global at Home
Global Learning For All
Your Journey Starts Here
Tools and Resources
Explore Our Campus
Jun 7, 2023
Jun 6, 2023
Information Security Guidelines
Merrill Learning Center 1120
Last Revised: September 1, 2011
Refer Questions to: Executive Director, Gallaudet Technology Services
A new (T1) & Information Security Agreement is effective as of September 1, 2011. Users who have access to information beyond their own self-service data in enterprise information system, system administrators, and uers with access to confidential and restricted information are required to sign the T1 Information Security Agreement every year. New users requesting privileged access should submit a request via the IT Service Desk. Gallaudet Technology Services (GTS) will send new T1 forms to existing users beginning in Fall 2011.
The following table is a glossary of terms used in the Information Security Agreement (ISA). & It is important to note that Gallaudet’s Data Classification System defines two categories of data that are subject to elevated protection: Confidential Data and Restricted Data. Users with access to such data share responsibility with the Data Stewards (office that manages the data) and the Data Custodians (office that manages the technology systems that store the data) to protect such data, ensuring it is available only to those who are authorized and used only for authorized purposes.
To view, use, or change information.
Authorized duties or activities
Duties or activities that are established by those with appropriate authority (e.g., division head, director, dean, chairperson, manager, or supervisor) related to the role or function of members of the workforce.
Software that is authorized for use by the designated Data Stewards or Data Custodians.
CONFIDENTIAL Information is information that is very sensitive in nature, and requires careful controls and protection. Unauthorized disclosure of this information could seriously and adversely impact Gallaudet University or the interests of students, other individuals and organizations associated with Gallaudet University. Examples include: personally identifiable information, protected health information, workforce records, student records, financial records, social security numbers, credit card numbers, legally protected University records, research data, and passwords.
Expectation that information will be protected from unauthorized use or disclosure.
Make known, reveal, release, transfer, or provide access to information in any manner.
Information Security Officer (ISO)
Gallaudet University has designated an Information Security Officer (ISO) who serves as the Privacy Official who assists in developing and implementing information security policies and procedures. The Privacy Official may identify or appoint designee(s) to assist in the performance of these functions.
Software that the Gallaudet University has been granted permission from the owner to use under a written license agreement or contract.
Minimum amount of information necessary
Minimum Necessary Standard: When using or disclosing RESTRICTED or CONFIDENTIAL information, Gallaudet University must make reasonable efforts to limit disclosures to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. This standard does not apply to:
Personally identifiable information (PII)
Privileged access is access to information in Gallaudet systems and data bases that extends beyond one’s access to one’s own self-service data.
Protected health Information (PHI)
Protected health information is a subset of personally identifiable information maintained in permanent health records and/or other clinical documentation in either paper-based or electronic format.
Gallaudet University possesses exclusive rights over the information within its systems.& This includes business plans, financial information or other sensitive materials and information in printed, electronic or signed/spoken form that may affect employee rights or organization’s operations.
RESTRICTED Information is information that is business data, which is intended strictly for use by designated Gallaudet University employees and agents.& This classification applies to information less sensitive than CONFIDENTIAL information.& Dissemination of this information shall only be made to members of the Gallaudet University workforce or others with an established need-to-know.
Protect or cover from exposure, using precautionary measures.
System Administration Duties
System administration duties consist of all aspects of managing a technology-based information system, including but not limited to, user administration, front-office and back-office hardware and software configuration and management, data base administration, and network, domain, and other technology infrastructure management.
Faculty, teachers, staff, students, temporary employees, contractors, interns and trainees, volunteers and other persons who perform work for Gallaudet University, and whose work conduct is under Gallaudet University direct control regardless of whether or not the workforce member is paid by Gallaudet University.
Use of Gallaudet technology resources prior to September 2011 was governed by the agreement below.
This document applies to data bases for all units within Gallaudet University, including the Clerc Center. Every use of the term “Gallaudet University” herein is inclusive.
I understand that Gallaudet University administrative data bases, instructional support databases, and some research databases contain confidential information that may be protected by Federal law, such as the Family Educational Rights and Privacy Act, by local law, or by Gallaudet University policies.
I understand that the accounts assigned to me granting access to Gallaudet University databases are provided only for job related activities and that all other uses of such accounts are expressly prohibited by the University and may be illegal.
I understand that I may not print, copy, transfer, or expose to others information in Gallaudet University databases except in the performance of appropriate job related functions and that it is my responsibility to gain guidance from an appropriate supervisor when in doubt about sharing information.
I accept responsibility for protecting my account user name(s) and password(s) and assuring that they are not given to or used by any other persons. I understand further that any abuse of my access by another person will be considered the same as an abuse by me.
I understand that Gallaudet University will take action against anyone who accesses confidential databases, including, but not limited to, database/module data in PeopleSoft or WorkDay for purposes unrelated to their work or who misuses Gallaudet University data. Gallaudet University’s actions may include a letter of reprimand, reassignment, loss of data access privileges, termination of employment, or other actions in keeping with Gallaudet University Personnel policies. When access to, or use of, data may be in violation of law, Gallaudet University will refer the matter to law enforcement personnel.
Last Reviewed: 11/04/2019
Gallaudet University, chartered in 1864, is a private university for deaf and hard of hearing students.
Copyright © 2023 Gallaudet University. All rights reserved.
800 Florida Avenue NE, Washington, D.C. 20002