3.8.4 Segregation of Systems Policy
University systems, applications, and databases designated for student or public use must be physically and/or logically isolated from systems used for normal administrative activities as appropriate to ensure system and data integrity.
It is the intent of this policy to enhance the University’s information technology security environment by requiring, where possible, the segregation of systems used solely for administrative purposes from those used solely for academic, student or general public access. To the extent possible, systems designated for academic or public use should be hosted on different computer systems than those designated for administrative use only. The computing and communications environment should be architected to prevent accidental or intentional harm to the University’s administrative production computing environment or the compromise of restricted or confidential University information. Firewalls or other similar devices should be used to further isolate administrative systems.
This policy is not intended to restrict appropriate access to information by legitimate Users, especially web-based access. It is likewise not the intent of this policy to preclude systems that use (and even allow updating of) administrative data in public applications. The intent is to require consideration be given to possible security gains through system architecture. This policy will have the greatest impact on campus administrative systems and will have little to no effect on systems involving teaching and learning.
Academic and administrative systems face competing expectations that bear on security. On the one hand, there is an expectation of readily available information. On the other hand, confidentiality of personal information requires the highest level of protection of systems from unauthorized or inappropriate access. Standard security practice is to isolate administrative systems that primarily contain restricted and confidential information from those that primarily contain public information or are otherwise used in an academic setting.