Information Technology

Should each person with system access have a unique user ID and password?

Ideal answer: Yes. Each system user should have a unique ID and password that should be kept confidential and never shared with anyone.

Should data on local drives be backed-up on a regular basis?

Ideal answer: Yes. Files stored on local drives should either be backed-up to a network drive or to a disk media (floppy/CD-R/DVD-R) on a regular basis.

Should faculty, staff, and students be able to show licensing documentation for all software installed on their computers?

Ideal answer: Yes. Documentation showing proof of purchase/license for all departmental software should be maintained.

Should the level of system access assigned to each staff member be regularly reviewed by management to ensure that there is still a continuing need for it?

Ideal answer: Yes. User access rights to information and systems should be periodically reviewed to make sure a valid job-related need still exists for the access.

Should a department have a documented disaster recovery/business continuation plan?

Ideal answer: Yes. Departments should document the process they would follow to restore operations in the event of a local disaster. The recovery plan should be tested on at least an annual basis.