Encryption Business Process


Users are required to encrypt Restricted information, as defined by the Data Classification Standards and Guidelines for protection against inadvertent or unauthorized disclosure while in storage or in transit over data networks. The Division of Information Technology makes available software and protocols that provide robust encryption for devices that must store or transmit Restricted information, as well as the capability for properly designated University officials to decrypt the information, as required and authorized. Users encrypting information must use only the endorsed software and protocols

Procedure for the Information Custodian

Determine whether the information is Restrited Information as defined by the Data Classification Standards and Guidelines. 

  • If possible, use currently established and centrally administered processes and services when creating, accessing, storing, using, and/or transmitting Restricted Information.
  • If not possible to use centrally administered servers, request file or process encryption assistance by contacting the IT Service Desk. Be prepared to answer the following questions:
    • Location of Device (building and room).
    • Host name and IP address of device.
    • Operating system utilized.
    • Name and contact information for your local IT support person.
    • User name and contact information for device. This user name will be the only user with access to the data in question. If more than one user needs access, include all user names and contact information.
    • Type of information (data, files, processes) requiring encryption. Please include data and files that contain Sensitive or Restricted information and all processes/applications that access or use that Restricted information. Include processes which you use to transfer that information to other devices or locations.
    • Type of device(s): desktop or laptop, Windows or MacOS platform, external storage (USB, etc), or other type of device.
    • Is the device part of a domain? If so, which domain?
    • Asset control number for the device or for the device the device is connected to most often.
    • Other pertinent information regarding this request for encryption. (Such as why you want to encrypt the data).
    • Provide other information requested by IT staff.