Role: System Administrator

  • HIPAA or PHI

    If you handle Protected Health Information (PHI) or Individually Identifiable Health Information, there may be additional tasks to complete. Please contact infoprotect@mit.edu.

  • Anonymize information

    Anonymize information whenever possible and separate access to identified and de-identified data sets. For physical media, store identified information in a separate locked file cabinet.

  • Data Retention

    Observe applicable data retention policies upon project completion. Securely delete the information if possible. If you must retain a copy of information at this level, ensure that it remains secure.

  • Secure destruction

    Destroy devices and media that are no longer needed in such a way that no information can be recovered.

  • Data minimization

    Limit the storage and collection of data at this risk level to that which is necessary to accomplish the legitimate purpose for which it is collected.

  • Sponsored research

    If you have received data as part of a sponsored research project, and your contract includes clauses on data security, there may be additional tasks. Please contact infoprotect@mit.edu.

  • Encrypt passwords

    Store and transmit only encrypted passwords.

  • Default passwords

    Change default or vendor-supplied passwords and remove default accounts.

  • Password at startup

    Enable password protection at startup.

  • Multi-factor authentication Endpoints

    Utilize multi-factor authentication for remote access.