Policy #: IT0005
Effective Date: 06/10/12
Last Revision Date: 08/02/11
Vice Chancellor, Information Technology
I. PURPOSE AND SCOPE
The purpose of this policy is to establish a requirement to enable and review logs on electronic information resources (eIRs) that contain, access or transmit data classified by UCSC as confidential or restricted. This requirement supports compliance with Federal HIPAA law, Payment Card Industry regulation, UC and UCSC recommendations and industry best practice. It applies to all individuals who maintain affected eIRs.
The following terms used in this policy are defined in the online Glossary of UCSC IT Policy-Related Terms, available at http://its.ucsc.edu/policies/glossary.html.
III. DETAILED POLICY STATEMENT
Procedures must be in place to ensure that access and activity is recorded and reviewed for all electronic information resources that contain, access or transmit data classified by UCSC as confidential or restricted.
All individuals are responsible for following the above log requirements where applicable.
System Stewards, in consultation with Subject Matter Experts where appropriate, are responsible for determining the applicability of the above requirements to systems or data for which they are responsible. System Stewards are also responsible for ensuring implementation and enforcement of the above requirements where they are applicable.
3. Appropriate use and protection of log information
Logs must be accessed, secured and protected according to the nature of the information they may contain. While it is necessary for the University to perform regular collection and monitoring of logs, this activity must be consistent with the provision of least perusal described in ITS' Routine System Monitoring Practices and the UC Electronic Communications Policy.
IV. GETTING HELP
For questions about this policy, or to escalate an issue to IT Security, contact the ITS Support Center at http://itrequest.ucsc.edu/, 459-HELP, firstname.lastname@example.org, or in person M-F 8AM-5PM, 54 Kerr Hall
The campus Vice Chancellor, Information Technology is the campus authority for the UCSC Log Policy. This policy was reviewed and approved by the Campus Provost/Executive Vice Chancellor on 06/10/2012. Next review date is June 2014.
VI. RELATED POLICIES, PROCEDURES, AND RESOURCES