Friday August 2nd, 2013

Search

• Home
• Help Desk   ‣
  • Desktop Support Services
• Administrative Systems
• Services & Support   ‣
  • Calendaring
  • Email & Webmail
  • Faculty Websites
  • Mailing Lists
  • Projects
  • Information Security
  • Sites@UCI
  • Sofware & Hardware Purchases
  • Streaming Server
  • Virtual Server Hosting
  • UCInetIDs & Identity Management
  • WebFiles
  • zotALERT
  • More...
• Instruction & Research   ‣
  • Computer Labs
  • EEE - UCI's Course Management
  • Distributed Computing Support
  • Research Computing
• Network   ‣
  • UCInet Mobile Access (WiFi)
  • 800 MHz Radios
  • UCInet Tools
  • Service Request Form
  • Server Registration Form
  • IP Address Request Form
  • More...
• Telephone   ‣
  • Service Request Form
  • Campus Directory
  • Cisco IP Phones
  • Conference Call Services
  • Directory Services
  • Ericsson Digital Phones
  • Mobile & Smartphones
  • Voicemail
• About OIT   ‣
  • IT Consolidation
  • Contact Us
  • Organization Chart (PDF)
  • Policies
  • IT News
  • More ...

 

Security Terms, Virtual Server Hosting

Summary: Use of the IAT Virtual Server Hosting service requires agreement to these security terms of service.

Data Restrictions

The client is responsible for providing appropriate data security controls, such as appropriate passwords, encryption, and back-ups, for information stored on the IAT Virtual Server Hosting Service.  The virtual machines are provided as essentially “bare metal” and do not have host security controls beyond what the client implements.  If you have questions about security controls, please email security@uci.edu.

The IAT Virtual Server Hosting Service is only for low data classification information.  The client agrees to not store, copy, transfer, hold, pass, or in any other way use unencrypted restricted data (see definitions below) on an IAT virtual machine or on the IAT Virtual Server Hosting service network.

Restricted Data:

"Restricted data" is a particularly sensitive category of confidential data. UC defines restricted data as follows:

Any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit.  The term should not be confused with that used by the UC-managed national laboratories where federal programs may employ a different classification scheme.

At UCI, restricted data includes, but is not necessarily limited to

• Personal Identity Information (PII)
• Electronic protected health information (ePHI) protected by Federal HIPAA legislation
• Credit card data regulated by the Payment Card Industry (PCI)*
• Records of students with a FERPA block in the campus directory
• Information relating to an ongoing criminal investigation
• Court-ordered settlement agreements requiring non-disclosure
• Information specifically identified by contract as restricted
• Other information for which the degree of adverse affect that may result from unauthorized access or disclosure is high.

Personal Identity Information (PII):

Unencrypted electronic information that includes an individual’s first name or initial, and last name, in combination with any one or more of the following:

• Social Security number (SSN).
• Drivers license number or State-issued Identification Card number.
• Financial account number, credit card number*, or debit card number in combination with any required security code, access code, or password
• Personal medical information
• Health insurance information

*Credit card information is also regulated by the Payment Card Industry (PCI) Data Security Standard.

Updated: September 18, 2009

Site Feedback

Office of Information Technology
Contact the OIT Help Desk – (949) 824-2222 or oit@uci.edu