Article 45 – Information Security
49020.15 Confidential or Sensitive Information Stored on Workstations
-
The nature of information classified as confidential or sensitive requires strict controls over access to such assets (SAMState Administrative Manual, § 5335.2). Files containing confidential or sensitive data (as defined in SAMState Administrative Manual § 5335.2) should not be stored in personal computer systems unless it has been demonstrated that doing so is in the best interest of the Department and that security measures have been implemented to provide adequate protection and approval from the AISO has been given.
-
With the aforementioned approval, confidential or sensitive information may be stored on or accessed with workstations in accordance with the following provisions:
-
Only authorized personnel may have access to confidential or sensitive data.
-
Workstations containing or capable of accessing such data shall be equipped with hardware and/or software that provide for authentication techniques, such as password protection of confidential files.
-
HRCI and sensitive files shall be encrypted, if the owner deems it necessary. Encryption software must comply with standards documented in the ISAInformation Systems Analyst. the AISO’s ISSG.
-
Backup files of confidential data shall be maintained in a locked cabinet away from the location of the workstation containing the program providing access to such files.
-
Security hardware/software shall comply with standards documented in the. ISSG.
-
At least two individuals shall be authorized access and have knowledge of the location where data files, backup files, and forms are stored.
-