Information Access & Protection Standard
The Information Access & Protection (IAP) Standard ensures that RIT handles all information properly, including RIT Confidential and RIT Operationally Critical information.
Each department must create an Information Access & Protection Plan that provides specific instructions for handling RIT information through its lifecycle of creation, transfer, storage, and disposal.
A properly-constructed IAP Plan ensures that your department is meeting both internal and external information handling requirements.
What does it apply to?
The standard applies to all RIT employees (specific responsibilities will vary from person to person).
| Departments | Designates an individual responsible for creating and managing its IAP Plan. |
| RIT Faculty & Staff | Responsible for following your department’s IAP Plan and using appropriate practices when handling RIT Confidential or RIT Operationally Critical information. |
| Systems Administrators | Responsible for supporting various IAP Plans as needed by providing instruction and support for data encryption and other security best practices. |
What do I need to do?
Everyone
- Read the Information Access & Protection Standard and supporting documentation.
- Take our Digital Self Defense 103: Information Handling self-paced online course.
- Use the IAP Resource Center to find resources and instructional material for information handling.
New Employees
- Take our Digital Self Defense 103: Information Handling course. All new employees are required to take this course upon hire.
- Make sure you know who manages your department’s IAP Plan.
Hiring Managers
- Ensure that all new employees have taken our Digital Self Defense 103: Information Handling course.
- Ensure that all new employees are familiar with their department’s IAP Plan.
Systems Administrators
- Maintain an open dialogue with the organizations you support regarding their security practices and needs.
