College of Natural Sciences and Mathematics
Policies and Security

 

NSMIT encourages all computer users on campus to be familiar with good security practices in the policies listed below. NSMIT will always follow or exceed minimum IT central recommended security policies unless otherwise noted.

NSM Security Policies

UH Reference Guide

University of Houston Training Policy

Texas State Law requires Information Security Awareness Training for all UH employees.

Log in with your employee ID and birthdate to access the training. For more information, call (713) 743-1607.

NSMIT Password Policy

  1. Passwords are to be assigned to the individual employee or issued on an individual employee basis if computerized records are being accessed as part of their responsibility.
  2. Distribution of passwords should be handled with the strictest confidentiality.
  3. Passwords shall be changed on a regular basis (at least once every 60 days).
  4. Passwords that are obvious, such as nicknames and dates of birth, should not be allowable.
  5. Passwords should never be shared with another user. Employees are formally notified as to their role in protecting the security of the user ID and password. Counter accounts, for view only, are an exception to this rule.
  6. Passwords should have a minimum length of five characters.
  7. Passwords stored on a computer should be encrypted in storage.
  8. System software should enforce the changing of passwords and the minimum length and format.
  9. The non-printing, password-suppression feature should be used on all terminals to prevent the display of a user ID or password at log-on.
  10. System software should disable the user identification code if more than three consecutive invalid passwords are given.
  11. System software should maintain a history of at least two previous passwords and prevent their reuse.
  12. Procedures for forgotten passwords should require that Support Services personally identify the user.

 

NSMIT Purchasing Policy

  1. IT Staff will request an item to be purchased through their immediate supervisor
  2. Supervisor will get quotes and submit the purchase request to NSMITCM* for approval. After receiving approval, the request can be sent to the purchasing agent.
  3. All purchased items must be approved by both the supervisor and NSMITCM*.

If Supervisor request purchase to be paid from his/her assigned budget, the request should still be routed to NSMITCM*; but it will be assumed the purchase is authorized if request has not been denied within 24 hours.

* NSMIT College Manager

Back to the Top

NSMIT Update Policy for Software
Main NSMIT update maintenance window is last friday of every month after 5 p.m.

major update - major version update to software from 1.x to 2.x
maintenance updates - when a update to software goes from 1.X to 1.Y, include most fixes, minor feature updates

(Production Environment)
All Updates will be done during a Maintenance Window

  1. Major updates
    1. Will be fully tested and verified 99% bug free before updating
    2. Will be installed
      1. During Christmas break
      2. After all Final Exams or Summer Break
      3. After Spring Final Exams and before summer sessions
  2. Maintenance (minor bugs and OS Maintenance) updates will be done only during Maintenance Window(see Maintenance policy)
  3. Any update outside of Maintenance Window has to be approved by both Production Lead and NSMITCM

(Development Environment)
Major Updates and Minor Updates

1. Updates can be done outside of Maintenance Window only with approval from Development Lead.

Back to the Top

NSMIT Server Administration Policy

Server Administrator responsibilities:

  • Monthly OS Maintenance
  • System backups.

Application Administrator responsibilities:

  • Application Installation
  • Administration
  • Maintenance
  • Each Application Administrator will have access to their own application, but not administrator rights to the server.

* Backup Admin should only help if the Main Admin is not available

NSMITCM is 3rd backup or whoever he/she is assigned in case by case basis.

Accounts used only when required

  1. 'root'
  2. 'vadmin'

When possible unauthorized access to server has been detected

  1. Taken offline immediately until security assessment has been completed by Security Admin
  2. Notify NSMIT College Manager (NSMITCM)
  3. If security assessment determines unauthorized user had access to sensitive data
    1. UH Security Officer must be informed.

Back to the Top

NSM Business Continuity

Disaster Recovery Strategies

Condition 1-2 Days 3-4 Days 5-10 Days 11+ Days
One. Critical program space and facilities are damaged or not available  Have staff work at home or other designated site  Have staff work at home or other designated site  Have staff work at home or other designated site  Have staff work at home or other designated site
Re-route/forward phones Re-route/forward phones Re-route/forward phones Re-route/forward phones
Contact Postal Services and make appropriate arrangements Contact Postal Services and make appropriate arrangements Contact Postal Services and make appropriate arrangements Contact Postal Services and make appropriate arrangements
Use procurement cards as necessary Use procurement cards as necessary Use procurement cards as necessary Use procurement cards as necessary
Communicate with all responsible parties to relate alternate site of distribution and collection of all financial documents including payroll Communicate with all responsible parties to relate alternate site of distribution and collection of all financial documents including payroll Communicate with all responsible parties to relate alternate site of distribution and collection of all financial documents including payroll Communicate with all responsible parties to relate alternate site of distribution and collection of all financial documents including payroll
         
Two.  Critical equipment is damaged or unavailable Secure equipments and/or communicate with responsible IT staff in college or central IT Secure equipments and/or communicate with responsible IT staff in college or central IT Secure equipments and/or communicate with responsible IT staff in college or central IT Secure equipments and/or communicate with responsible IT staff in college or central IT
         
Three. Centrally provided power becomes unavailable Logistical:  see Condition # 1 reponses Logistical:  see Condition # 1 reponses Logistical:  see Condition # 1 reponses Logistical:  see Condition # 1 reponses
Critical equipment:  see Condition # 2 responses Critical equipment:  see Condition # 2 responses Critical equipment:  see Condition # 2 responses Critical equipment:  see Condition # 2 responses
         
Four.  Communcations via phone, fax, email and internet becomes unavailable. Use personal cell phones, if available Use personal cell phones, if available Use personal cell phones, if available Use personal cell phones, if available
Use alternate fax and computer equipment:  UH or external Use alternate fax and computer equipment:  UH or external Use alternate fax and computer equipment:  UH or external Use alternate fax and computer equipment:  UH or external
Report to IT; obtain repair timeline and communicate this information to responsible parties in deparrtments Report to IT; obtain repair timeline and communicate this information to responsible parties in deparrtments Report to IT; obtain repair timeline and communicate this information to responsible parties in deparrtments Report to IT; obtain repair timeline and communicate this information to responsible parties in deparrtments
If outage is all UH: await word from appropriate  administrator and communicate to college and department staff via alternate phone If outage is all UH: await word from appropriate  administrator and communicate to college and department staff via alternate phone If outage is all UH: await word from appropriate  administrator and communicate to college and department staff via alternate phone If outage is all UH: await word from appropriate  administrator and communicate to college and department staff via alternate phone
         
Five.  Central Info Systems are non-funcational.  Mission critical data is unavailable Use hard copies of most recent data; e.g. payroll rosters, payment receipts, etc. Use hard copies of most recent data; e.g. payroll rosters, payment receipts, etc. Use hard copies of most recent data; e.g. payroll rosters, payment receipts, etc. Use hard copies of most recent data; e.g. payroll rosters, payment receipts, etc.
         
Six.  Local info systems (LAN or desktops) become non-functional See Condition # 2 responses See Condition # 2 responses See Condition # 2 responses See Condition # 2 responses
         
Seven.  Staff is impacted by disaster and not available to work Have contact information at home and contact staff Have contact information at home and contact staff Have contact information at home and contact staff Have contact information at home and contact staff
Using phone tree, identify any available staff Using phone tree, identify any available staff Using phone tree, identify any available staff Using phone tree, identify any available staff
Advise Dean Bear and Craig Ness Advise Dean Bear and Craig Ness Advise Dean Bear and Craig Ness Advise Dean Bear and Craig Ness
    If short-staffed, hire temporary staff If short-staffed, hire temporary staff
         
Eight.  Critical business partners or vendors unable to provide goods or services Absorb delay Absorb delay Identify alternate vendors Identify alternate vendors

Back to the Top

 
 
Statewide Search Site Map Feedback Contact U H Compact with Texans U H System Privacy and Policies State of Texas