Technical and operational safeguards must be used to secure and monitor all information technology used to collect, store, access, process, transport and transmit PI. safeguards shall be implemented and maintained in acordance with the exisiting university policies that pertain to the management of information systems, modes of communication and data processing that involve PI. Some examples include:
> Secure methods shall be used when generating, assigning and distributing unique identifiers.
> Records and files containing PI stored on laptop computers or other protable devises should encrypted accoding to policy.
> Paper and electronic records (including records stored on hard drives or other media) containing PI shall be disposed of only in a manner thatcomplies with M.G.L. c. 93I.
> Records and files containing PI that will travel across public and wireless networks should be encrypted according to university policy.
> Software and infrastructure that is maintained by the university will be maintained at acceptable levels to esnure reliability and minimize risk from potential vulnerabilities.