Data Location: Application
-
Secure deletion
—
by
Securely delete information when it is no longer required by means that make it impossible to reconstruct the records.
-
Incident Reporting
—
by
Promptly report actual or suspected compromise, including loss, theft, improper use, modification of, or access to information to security@mit.edu.
-
Self Assessment
—
by
Review your systems and procedures regularly to ensure the tasks for this risk level are applied.
-
Security by design
—
by
If you are developing (or contracting a vendor to develop) applications processing this level of information, include security as a design requirement.
-
Code review
—
by
If you are developing (or contracting a vendor to develop) applications processing this level of information, review code and correct flaws prior to deployment.
-
Annual Review
—
by
Contact security@mit.edu for an annual review to verify that all security tasks are working properly.
-
Sponsored research
—
by
If you have received data as part of a sponsored research project, and your contract includes clauses on data security there may be additional tasks. Please contact infoprotect@mit.edu.
-
Payment processing
—
by
If you are accepting credit card payments, you may need to complete additional tasks. Please contact infoprotect@mit.edu
-
HIPAA or PHI
—
by
If you handle Protected Health Information (PHI) or Individually Identifiable Health Information, there may be additional tasks to complete. Please contact infoprotect@mit.edu.
-
Anonymize information
—
by
Anonymize information whenever possible and separate access to identified and de-identified data sets. For physical media store identified information in a separate locked file cabinet.