Security Policies

The School of International and Public Affairs Information Technology (SIPAIT) office maintains policies about the use and security of its system in the interests of protecting users and ensuring the reliability of mission-critical systems. These policies supplement the university (CUIT) security policies. All users are expected to be familiar with and adhere to these policies. Please familiarize yourself with policies especially those that govern Email, Network use, data security and compliance. These policies can be found at: 

• CUIT policies
• CUIT Information Security Charter
• CUIT Policies
• Email Usage Policy
• Acceptable Usage of Information Resource Policy
• Data Classification Policy

Security Compliance at CU

SIPAIT system is configured to alert of security breaches and complaint violations from SIPA Clients. These violations include but are not limited to sending SSN, driver’s license, credit card, DOB etc. over unencrypted emails. When sending an email with confidential or sensitive data, users must encrypt data and set it to “Do Not Forward” so that the data is between you and the party you are sharing it with. Otherwise, when the data is downloaded by the recipient, it does not retain its encryption status, and can be easily forward. SIPAIT is alerted whenever sensitive/confidential data is sent out in an email. 

User Responsibility and Remediation

Without limiting anything set forth in the Columbia University Network Use Policy, each user is responsible for the security of network resources. To that end, each user must take all reasonable steps to protect virtual and physical access to the Software and Services originating from or transmitted through or to user resources. User will maintain any reasonable and appropriate administrative, physical, and technical level of security regarding their account ID, password, antivirus and firewall protections, and connectivity with the Services. User shall be responsible for the confidentiality and use of user’s username, password, and other security data, methods and devices. Users shall be solely responsible for all information electronically transmitted (including sensitive and confidential data), or use of any such data, information regarding the Services, or use of the Services, themselves, obtained using user’s username, password, and other security data. User shall immediately notify SIPAIT if there is any unauthorized use of their passwords or other security data or any use inconsistent with the terms of the Agreement. 

All users must comply with CUIT and SIPAIT policies. The penalty for non-compliance is high for SIPA and Columbia University. Please contact [email protected] for questions. Below are steps users can take when dealing with sensitive data.

• Remove any sensitive data from files you wish to retain, if possible.
• Delete all files that are not needed.
• Empty the trash.
• Identify any files/folders that you need to retain with sensitive data.  Contact SIPA IT to plan for encrypting data in accordance with University policy.
• Provide written justification for keeping any sensitive data which you have identified. Fill out appropriate forms (available from SIPAIT) for submission to the University.