Is data stored in the ITS Data Center secure?

Some of the basic steps taken to ensure the security of your data are:

  • Secured data center environment - Entry into the data center is restricted to authorized individuals. Access to the facility is controlled by proximity cards, monitored via video, with all access logged.

  • Logging of all file access - Security logs records who accesses files and when; and enters it into our log management system. Reports are generated by request.

  • Backups written to encrypted tapes before being sent offsite - Full backups are run each weekend and sent offsite weekly. All tapes going offsite are encrypted. This provides protection in the event that tapes are lost or stolen offsite. Data can only be restored from the encrypted tapes by providing the encryption keys. Keys are located in a safe onsite with a backup on an encrypted memory stick offsite.

  • On-demand virus scanning for CIFS/File Shares - Symantec Protection Engine for Cloud Services runs on dedicated servers to provide on-demand virus scanning on the file system. This is provided as an “on-demand” basis due to the intensive processing when run; which is noticeable to users. This has been deemed an acceptable risk because the desktops accessing the file services are required to have virus scanning installed and configured.

ITS hosted services design and configuration options provide the foundation for housing confidential data (e.g. PHI, PII and FERPA). Our environment adheres to UC/UCSF Policies and Procedures thereby addressing federal and state regulatory requirements, such as HIPAA and SB1386, for protecting your department’s confidential data.

For systems which process confidential data a System Security Risk Assessment is required. Deployments in the documented and vetted ITS hosted environment shorten the assessment process significantly in comparison to 3rd party environments.