Level 2:

1. Access to study data must be protected by a username and password that meets the complexity and change management requirements of a UNC ONYEN.

  • Set your computer password to match your ONYEN and change it as your ONYEN changes.

2. Study data that are accessible over a network connection must be accessed from within a secure network (i.e., from on campus or via a VPN connection).

  • When off campus, use VPN whenever using an insecure network.
  • When on campus, make sure you are using the building’s Ethernet wired network whenever possible. If you need to use wireless, make sure you are connecting to the UNC-Secure or eduroam wireless networks.

3. Computers storing or accessing study data must have Endpoint Protection (AntiVirus/AntiSpyware) installed and updated regularly where technologically feasible.

  • Antivirus software available for free download here

4. Patch management and system administration best practices should be followed at all times on systems storing or accessing your data.

  • Qualys browser check
  • Apple / Windows updates installed daily
  • Adobe application updates (Reader, Flash, Creative Suite, etc.)
  • Microsoft Office updates (Word, Excel, PowerPoint, Outlook, etc.)

5. Users should be granted the lowest necessary level of access to data in accordance with ITS Security’s Standards and Practices for Storing or Processing Sensitive Data (when technologically feasible).

  • Other users of the computer should not have access to the data
  • Access to system should be limited as much as possible (do not let people use the system that do not need it)
  • De-identify data whenever possible


Link to form

Print Friendly, PDF & Email