The Ohio State University’s new Information Risk Management Program requires each college and business unit to manage information risks. As part of this program, the university has defined Information Security Control Requirements (ISCR) to better protect institutional data.
These changes require revisions to Ohio State’s background check policy. The policy revision will require anyone with access to restricted institutional data to have a background check on file. The policy revision process will begin this semester, with a projected effective date of early 2016.
Here are two changes that will be applied to the background check policy in order to comply with the new information security requirements:
- All new student employees with access to restricted institutional data need to be background checked upon hire. This requirement will be in effect the date of the policy revision effective date.
- All current faculty, staff and student employees who have access to restricted institutional data must have a background check on file. Therefore, any of these individuals who were previously grandfathered into the policy will need to have a background check completed. This requirement will be in effect in accordance with your ISCR assessment plan.
For more information on what is classified as restricted institutional data, please see the full Data Element Classification List. The list also includes detailed information on the national and state regulations that justify Ohio State’s data classifications.
While full compliance is the university’s goal, it is understood that colleges and business units face unique information risk circumstances, and will require varying degrees of time to thoughtfully plan for compliance. Therefore, college and business units are allotted flexible timelines, as long as they have a plan in place for reaching full compliance. Contact your Security Liaison for details of your college’s or business unit’s Risk Management Strategy.
Please contact Gina Thorpe, Lead Background Check Coordinator, at email@example.com if you have any questions or concerns.