Password Maintenance

Purpose

The purpose of this Policy describes the password measures implemented at Lynn University to safeguard access to Institutional Data by authorized users.

Policy

Password maintenance is the most important activity a user can participate in to secure institutional data. Passwords help protect against misuse by seeking to restrict use of University systems and networks to authorized users. Each authorized user of the University is assigned a unique password that is to be protected by that individual and not shared with others. The University has implemented a password maintenance policy that requires authorized users to maintain a password in accordance with a minimum acceptable password standard. The password should be changed on a regular basis to prevent the accidental exposure of a password to others.

Definitions

Authorized User(s)-a user of Technology Resources including, but not limited to, employees, temporary employees, faculty, students, alumni, campus visitors, contractors, vendors, consultants and their related personnel, and other users authorized by the University to access its systems and networks.

Information Technology Resources-are assigned computer accounts, email services, and the shared University network(s), which includes resources, staff and facilities operated by the University, whether owned, leased, used under license or by agreement, including, but not limited to: telephones (including Electronic Devices) and telephone equipment, voice mail, SMS, desktop laptop computers, electronic devices, hardware, software, networks, computing laboratories, databases, files, information, software licenses, computing-related contracts, network bandwidth, usernames, passwords, documentation, disks, CD-ROMs, DVDs, magnetic tapes, and other electronic media or storage devices. Email, chat, facsimiles, mail, any connection to the University's network(s) or use of any part of the University’s network(s) to access other networks, connections to the Internet that are intended to fulfill information processing and communications functions, communication services, hardware, including printers, scanners, facsimile machines, any off-campus computers and associated equipment provided for the purpose of University work or associated activities.

Institutional Data - is any information, including Directory Information, PII, and Student and Employee Financial Information, and Public Information that can be linked to any individual, including but not limited to, students, faculty, staff, patients, or contractors. Institutional data and all applications storing and transmitting such data, regardless of the media on which they reside, are valuable assets, which the University has an obligation to manage, secure, and protect.

Employee Financial Information—that information the University has obtained from an employee in the process of offering a benefit or service. Offering a benefit or service includes all University sponsored benefit plans and University financial services such as flexible spending accounts, and personal payroll services. Examples of employee financial information include bank and credit card account numbers, income and credit histories and social security numbers, in both paper and electronic format.

Student Financial Information—that information the University has obtained from a student in the process of offering a financial product or service, or such information provided to the university by another financial institution. Offering a financial product or service includes offering student loans to students, receiving income tax information from a student's parent when offering a financial aid package, and other miscellaneous financial services as defined in 12 CFR 225.28. Examples of student financial information include bank and credit card account numbers, income and credit histories and social security numbers, in both paper and electronic format.

Procedures/Guidelines

Not applicable.


For more information about this policy, contact Information Technology.

Policy updated on: Oct. 24, 2018