Franklin College File Share Sensitive File Scanning Process

Summary

Franklin OIT has adopted the following procedure for the scanning and mitigation of sensitive and restricted data located on network-shared resources such as individual and unit-level network file shares.

The Systems Management Team (SMT) Windows group will utilize campus standard tools to scan network file shares and services in order to identify files suspected of containing restricted data, such as Social Security Numbers (SSNs). These tools will be used to scan individual/personal network shares as well as unit-level group network shares and provide a list of suspected files to send to the unit.

Process

  • Perform scans on individual and unit shares on a quarterly basis.
  • Send the report/listing of files identified as containing restricted data to the identified owner or, if no owner is identified, to the primary contacts for the unit (offman/ctrom and/or head/dir).
  • From the time of notice, the recipient will have 30 calendar days to mitigate the restricted data or report back that the identification was in error (i.e., a false-positive). 
    • Individuals or units identifying a file containing restricted data as necessary for business must provide a business case for use and will be expected to fund and use a service built to handle this type of data (e.g., Secure IFS + Secure VDI, Secure Reports, etc.).
    • Files that are required for a business process but contain sensitive information that is not required must have that sensitive information securely redacted from the file.
  • After 30 calendar days, SMT quarantines identified files into a directory with restricted access. 
    • For unit shares, the primary contacts for the unit must identify and provide a list of the individuals responsible for the review and cleanup of the quarantined files to Franklin OIT. Identified users are the only individuals granted permission to view and modify files inside the quarantine location.
  • From the time of quarantine, the client will have an additional 30 calendar days to clean up and mitigate the restricted data from the files or identify false-positives.
  • After the completion of the 30 calendar days for quarantine, SMT removes any remaining files identified as containing restricted data from the server and archives them to disc for a period of 4 months before destruction.

Process Timetable

Scan Shares
  Timeline: Quarterly by Calendar Year
  FOIT Actions:
    • Utilize standard tools to scan individual and unit file shares
  Owner/Unit Actions:
    • None at this stage

Send Notifications
  Timeline: Upon completion of scans
  FOIT Actions:
    • Notify Owner/Unit of files identified as containing sensitive or restricted data
  Owner/Unit Actions:
    • Receive and review information provided in email

First Cleanup Period
  Timeline: For 30 days following notification
  FOIT Actions:
    • Process information received from clients regarding false positives or requested deletions
    • Provide clarification to clients who have questions
  Owner/Unit Actions:
    • Remediate/remove data
    • Report false positive

Quarantine Data
  Timeline: 30 days after scanning
  FOIT Actions:
    • Quarantine identified files to isolated location
    • Notify affected individuals/units of quarantined files
  Owner/Unit Actions:
    • Review notification and refer back to original message as needed

Second Cleanup Period
  Timeline: For 30 days following quarantine
  FOIT Actions:
    • Provide access to identified individuals for review and remediation of unit shares
    • Process information received from clients regarding false positives or requested deletions
    • Provide clarification to clients who have questions
  Owner/Unit Actions:
    • For unit shares, identify individuals tasked with review and remediation
    • Final opportunity to remediate or remove data in quarantine
    • Final opportunity to report false positive data in quarantine

Archive Data
  Timeline: 30 days after quarantine
  FOIT Actions:
    • Archive files to removable media and remove from the share
    • Label archive media with archival month and year
  Owner/Unit Actions:
    • Archived files may be requested

Purge Archives
  Timeline: 4 months from quarantine
  FOIT Actions:
    • Permanently purge the data by destroying the media
  Owner/Unit Actions:
    • Request access to archive files prior to purge activities