image of the UTIA policies and procedures website
UTIA Policies and Procedures

Having IT security plans and procedures is more important than ever before. The Institute is required by UT System Administration, the Board of Trustees, and Audit and Compliance to have certain policies/plans and procedures in place. While we may be doing the right things most of the time, it does not count if those things are not in writing. In addition, it does not count if those things are in writing, but no one knows about them.

Today I would like to give a brief synopsis of two of our newest IT security plans and procedures:

  • As a way of maintaining a consistent and secure way of sharing files with Institute employees, as well as approved affiliates of the Institute, the UTIA Google Drive Procedures have been created. The sharing of Institute data using Google is permitted only through the UTK Google Apps for Education and is strictly prohibited using personal Google Drive accounts. UT Google Drive is encrypted in transit and at rest, and is certified for most sensitive data, with the exclusion of HIPAA (Health Insurance Portability and Accountability Act of 1996) and PCI (Payment Card Industry) data. Users wishing to share files via UT Google Drive must share with only those who have a legitimate and approved need to access that data. In addition, users must remove access as soon as it is no longer needed.
  • The UTIA Media Protection Plan impacts any user accessing Institute IT assets classified as Moderate or High, or paper media containing sensitive data. The Institute’s media, which includes electronic and paper records, in addition to IT assets, must be protected from unauthorized access and disclosure. Media that is not appropriately secured carries the risk of identity theft, loss of data, stolen research, etc. Most users likely will not need to change much. They do need to store such media using the method of least privilege, which give users only access to what is necessary to perform job responsibilities and they must properly dispose of the media through sanitization or other form of irreparable destruction.


***Please visit http://utiapolicy.tennessee.edu to see all of our current UTIA IT Security Plans and Procedures. Keep in mind that if you are audited by UT’s Audit and Compliance or audited by the state, you are expected to be familiar with and follow the Institute’s policies and procedures. ***

Contact Information:

Sandy Lindsey
Chief Information Security Officer
University of Tennessee Institute of Agriculture
2640 Morgan Circle Drive | 201F McCord Hall | Knoxville, TN 37996
(865) 974-7292 | sandy@tennessee.edu | UTIAsecurity@tennessee.edu