Iowa Courts Electronic Data Security Policy [Read-Only]

[Pages:19]Iowa Courts Electronic Data Security Policy

Bench & Bar Spring CLE February 23, 2017

Purpose

Educate Iowa Judicial Branch personnel about their obligation for protection of all data assets. Ensure security, integrity, and availability of all Iowa Judicial Branch, Iowa citizens and customer data. Establish the Iowa Judicial Branch data security standard and subsequent classification plan.

Inclusion

The data policy applies to all Iowa Judicial Branch and customer data assets that exist in any Judicial Branch processing environment, or any media during any part of its life cycle. All personnel (full or part-time), contractors, consultants, temporaries, and others including personnel working with third parties.

Policy Detail

With the exception of data defined as public, which is accessible to all citizens, data and processing resources are only accessible on a need to know basis to specifically identified, authenticated, and authorized entities.

Data Classification

Public ? data that is not protected by state or federal law that can freely be given to anyone without any possible damage to the Iowa Judicial Branch, its partners or Iowa citizens. Confidential ? Data which is legally regulated and data that would provide access to confidential or sensitive data.

Data Usage

All users (internal and external) must do so only in accordance with this policy. Only uniquely identified, authenticated and authorized users should have access to confidential data. Each user with access to confidential data must ensure data assets under their direction or control are properly safeguarded based on:

Sensitivity Proprietary nature Criticality

Data Usage (Cont'd..)

Access control lists must be used to ensure that only authorized users can access data to which they have been granted explicit access rights.

Data Transmission and Storage

Confidential data that is transmitted or stored within the Judicial Branch network, applications, or systems must be secured via firewalls and/or cryptographic mechanisms.

Access control lists must also be used to ensure only authorized users can access confidential data to which they have been granted explicit access rights.

Confidential data in a physical format (SD card, flash drive, etc.) cannot be transmitted or shipped through untracked delivery methods. Data must be encrypted and shipment tracked.

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download