Franklin College File Share Sensitive File Scanning Process
Summary
Franklin OIT has adopted the following procedure for the scanning and mitigation of sensitive and restricted data located on network-shared resources such as individual and unit-level network file shares.
The Systems Management Team (SMT) Windows group will use campus-standard tools to scan network file shares and services in order to identify files suspected of containing restricted data, such as Social Security Numbers (SSNs). These tools will be used to scan individual/personal network shares as well as unit-level group network shares and to produce a list of suspected files to send to the unit.
Process
- Perform scans on individual and unit shares on a quarterly basis.
- Send the report/listing of files identified as containing restricted data to the identified owner or, if no owner is identified, to the primary contacts for the unit (offman/ctrom and/or head/dir).
- From the time of notice, the recipient will have 30 calendar days to mitigate the restricted data or report back that the identification was in error (i.e., a false positive).
- Individuals or units identifying a file containing restricted data as necessary for business must provide a business case for use and will be expected to fund and use a service built to handle this type of data (e.g., Secure IFS + Secure VDI, Secure Reports, etc.).
- Files that are required for a business process but contain sensitive information that the process does not require must have that sensitive information securely redacted from the file.
- After 30 calendar days, SMT quarantines identified files into a directory with restricted access.
- For unit shares, the primary contacts for the unit must identify and provide a list of the individuals responsible for the review and cleanup of the quarantined files to Franklin OIT. Identified users are the only individuals granted permission to view and modify files inside the quarantine location.
- From the time of quarantine, the client will have an additional 30 calendar days to clean up and mitigate the restricted data in the files or identify false positives.
- After the completion of the 30 calendar days for quarantine, SMT removes any remaining files identified as containing restricted data from the server and archives them to disc for a period of 4 months before destruction.
Process Timetable
Item | Timeline | FOIT Actions | Owner/Unit Actions |
---|---|---|---|
Scan Shares | Quarterly by Calendar Year | | |
Send notifications | Upon completion of scans | | |
First Cleanup Period | For 30 days following notification | | |
Quarantine Data | 30 days after scanning | | |
Second Cleanup Period | For 30 days following quarantine | | |
Archive Data | 30 days after quarantine | | |
Purge Archives | 4 months from quarantine | | |