Purpose:
To establish minimum security standards for College surveys.
Statement:
Any College survey that collects PII, PCI, or other sensitive data (FERPA, etc.) must be based on a tool/technology approved by Information Technologies.
Description:
-
The administration of any College survey that collects PII, PCI, or other sensitive data must be tied to individual user network accounts. Such surveys are considered as formal surveys. Information Technologies will assign such access based upon request.
-
For surveys that collect PII, PCI, or other sensitive data, Information Technologies will provide assistance in the initial configuration and use of the survey.
-
Users may administer ad hoc surveys based on any tool of preference, provided that PII, PCI, or other sensitive data are not being collected and that the use of such tools do not compromise the integrity of the College's infrastructure or any of its users accounts.
-
Users must self-support on the use of non-WSC survey tools for ad hoc surveys.
-
Individuals or departments that wish to contract out survey development and administration must contact Information Technologies prior to entering into any binding agreement. The purpose of this is to identify any College dependencies that might be required in association with the contracted agency; to ensure that FERPA, HIPPA, and other regulatory restrictions/requirements are incorporated into the survey's design.
Additional Information:
- Information Technologies will not develop questions for formal or ad hoc surveys; Information Technologies will not provide data analysis for the results of formal or ad hoc surveys.
- The sponsors of formal or ad hoc surveys are responsible for determining the appropriate survey content, presentation, and administration methodologies.
Approved By: Don Vescio
Date of Origination: 4/19/2006
Date of Review: 6/29/2010