Data Governance and Protection

Data are essential assets of the University that should be protected from leakage, loss, theft, destruction and unauthorized disclosure or access. The University has approved the following policies and enforcement measures for proper handling and protection of sensitive and confidential data generated in the operations of the University. It is imperative for every member of the University to comply with these policies and measures.

Relevant sections of Information Security Policy
Enforcement of Data Governance and Protection

Data Protection Measures

The following measures have been in place to assist all University members to protect essential data assets of the University.

Data Assets Inventory

Every department shall maintain an inventory of data assets to specify the storage locations and the classification of the assets. To help departments establish the data assets inventory, ITSC creates a template which combines with the Personal Data Inventory for departments to record and maintain their data assets. The data assets and personal data inventory are required to submit to ITSC/DPO for record and audit purposes annually.

Data protection systems

1. Microsoft Azure Information Protection (AIP) - Assists users to identify and label sensitivity level of emails and document files.

2. Data Loss Prevention System (DLP) - Detects and alerts users for any sensitive and confidential data assets not being properly protected.

Data Governance and Protection

Data Protection Measures

Data Assets Inventory

Data protection systems

Data Encryption Solution for encryption of USB drives