Secure Network Attached Storage, also known as Secure NAS or SecNAS, is a file storage solution for sensitive information. Sensitive information, as defined on businessdictionary.com, is “Privileged or proprietary information which, if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure, could cause serious harm to the organization owning it.”
What is included in sensitive information?
Sensitive, University-related information includes all information, in its original and duplicate form, which contains:
- Personal Information, as defined by the North Carolina Identity Theft Protection Act of 2005
- Protected Health Information, as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Student education records, as defined by the Family Educational Rights and Privacy Act (FERPA)
- Customer record information, as defined by the Gramm Leach Bliley Act (GLBA)
- Confidential personnel information, as defined by the State Personnel Act
- Information that is deemed to be confidential in accordance with the North Carolina Public Records Act
- Note: SecNAS should NOT be used to store merchant-related payment card information, as defined by the Payment Card Industry (PCI) Data Security Standard. Questions regarding storage of payment card information should be directed to the University committee charged with governing payment card activities, CERTIFI (Compliant Electronic Receipt Transactions throughInnovation and Financial Integrity). http://finance.unc.edu/about/finance-committees/
Sensitive information also includes any information that is protected by University policy from unauthorized access such as research information, public safety information, financial donor information, system access passwords, information security records, and information encryption keys.
Specific examples of sensitive information include but are not limited to:
- Social Security numbers
- Passport numbers
- Health information that can be used to identify an individual
- Drivers’ License numbers
Who has access and should use Secure NAS?
Secure NAS is available for use by faculty, staff, interns, work study students, student assistants, researchers, as well as temporary and contract employees of The University of North Carolina at Chapel Hill. More information about departmental storage space allocation is available at help.unc.edu.
Responsibility of ITS
ITS along with departmental IT staff will manage individual data access controls including specialized security groups and their memberships designed to meet the requirements of the campus Information Security Policy.
For audit purposes, ITS will also manage the file system access control lists and will track approvals, access control changes, and upon request by departmental leadership, user file access history.
Responsibility of User
Users can begin storing documents on Secure NAS effective May 2014. For step-by-step instructions on how to connect to Secure NAS please visit the ITS help page. For assistance with how to save sensitive information, please contact your departmental IT staff or 919-962-HELP.
Departmental technical support staff should review this document regarding workstation protections that must be in place before a workstation connects to Secure NAS.
ITS is proud to offer this new storage solution for securely storing sensitive, University-related information.