Please report any problems to the Shared Tools Team at st-help@doit.wisc.edu    Broken Links? Missing Macros? WIKI Retiring Plugins
Skip to end of metadata
Go to start of metadata

Protection of Sensitive Information during Transmission (ITransmit)

Protection of Sensitive Information during Transmission (ITransmit) is developing recommendations for policy and guidelines that complement and extend the previous initiative that addressed Storage and Encryption of Sensitive Information (IEncrypt).

The ITransmit team recommendations are at: ITransmit Recommendations.

Meetings

For meeting notes see ITransmit Meetings Archive (wiki login required)

 

To comment on draft documents or any other aspect of IT policy, please add your comments at the bottom of the page in question, or send email to policy@cio.wisc.edu. Comments are welcome on any document at any time.

History

(tick) Milestone, (info) Item of interest

Date

Activity

08/15/12(info) All future implementation activity will be recorded at IEncrypt.
08/15/12PPT Meeting 2012-08-15. PPT decided that Sep 21 would be the target date to publish the revised IEncrypt policy and procedures.
08/14/12 Rev C of 2012-07-27 version.
08/14/12ITransmit Meeting 2012-08-14. Discussed forum results, charter for Encryption Futures team.
(info)Team decided that we should go ahead and publish the policy and procedures in September, and the Encryption Futures team can serve as the implementation team. This is the last ITransmit meeting. Many thanks to the team members!
08/08/12 

(info) IT Policy Forum 2012-08. Presented policy and procedures. Discussed what IT staff need in order to implement this policy.

08/06/12 Rev B of 2012-07-27 version.
08/02/12(info) Presented draft charter of "Encryption Futures" team to UW-MIST meeting.
07/30/12 Rev A of 2012-07-27 version.
07/27/12Revised draft policy and procedures. Main change was to add a requirement that restricted data be encrypted on desktop computer. Other changes as well to continue overall improvement of the documents.
07/26/12Consulting with OCIS and DoIT security regarding policy and procedures, recommended tools, need for additional tools, need for team to look at future encryption environment.
07/25/12 Special meeting with Policy Planning Team. Discussed forum presentation, questions.
07/10/12 ITransmit Meeting 2012-07-10. Reviewed the recommended procedures for faculty, staff and student employees.
07/06/12 Clean up of the revised recommended procedures for faculty, staff and student employees. See IEncrypt Policy Drafts
06/03/12Re-write of recommended procedures for faculty, staff and student employees, based on discussion at the ITransmit Meeting 2012-05-22.
05/31/12Minor tweaks for clarity. More significantly, added requirement to encrypt on "cloud services" to the draft of revised policy.
05/29/12Made minor changes to draft of revised policy, suggested at the previous ITranmit meeting.
05/22/12ITransmit Meeting 2012-05-22. Discussed the two tables.
05/16/12New draft documents: summary tables of guidelines for storage/transmission encryption by faculty and staff (two separate docs.) These are for discussion purposes while resolving outstanding questions, and are not entirely consistent with the 4/26 version of the draft revisions and guidelines.
05/01/12

(info) IT Policy Forum 2012-05. Presented draft policy & procedure revisions at forum. Did not present draft guidelines (team is still discussing them...) Asked for feedback on both policy & procedure revisions and the draft guidelines for fac/staff/students.

04/26/12Updated draft revisions to incorporate changes from the ITransmit meeting. The team is still working on the guidelines. 
04/24/12ITransmit Meeting 2012-04-24. Review draft revision of IEncrypt policy. Review changes to guidelines for faculty, staff and student employees.  Prep for IT policy forum.
04/19/12 Updated draft revisions of IEncrypt policy.
04/18/12PPT Meeting 2012-04-18. PPT reviewed draft IEncrypt revisions. Suggested some changes. 
04/03/12 Updated draft revisions of IEncrypt policy, and guidelines for faculty, staff and student employees.
03/27/12ITransmit Meeting 2012-03-27. Review draft revision of IEncrypt policy. Review new document with guidelines for faculty, staff and student employees. 
02/28/12ITransmit Meeting 2012-02-28. Review forum results. Review draft changes to IEncrypt Policy
02/17/12(tick) Began revision of IEncrypt Policy. 

02/07/12

(info) IT Policy Forum 2012-02-07. Presentation at forum.

01/18/12

ITransmit Meeting 2012-01-18. Prep for forum.

01/17/12

Rev A of Recommendations, as presented to CIO, plus additional follow up actions discussed at the Dec 19 meeting

12/19/11

Final version of recommendations, as presented to the CIO. (Same as 12/07/11, but removed "Draft".)

12/19/11

(tick) ITransmit Meeting 2011-12-19 (with CIO). Presented recommedations to the CIO. See meeting notes for additional implementation actions.

12/07/11

Final edits to recommendations

11/28/11

ITransmit Meeting 2011-11-28. Reviewed Recommendations. Prep for meeting with CIO.

11/14/11

ITransmit Meeting 2011-11-14. Reviewed Recommendations.

10/31/11

ITransmit Meeting 2011-10-31. Discussed policy or guidelines?

10/03/11

ITransmit Meeting 2011-10-03. Reviewed Recommendations.

09/19/11

ITransmit Meeting 2011-09-19. Discussed team charter and deliverables.

08/30/11

ITransmit Meeting 2011-08-30. Reviewed Recommendations.

07/26/11

Meeting. Reviewed first draft (outline) of the recommendations.

06/28/11

Meeting. Continued brainstorming. Added detail to some issues.

05/31/11

(tick) First meeting. Charter. Brainstorming results.

05/03/11

Status report to Office of the CIO, Policy and Security team.

04/27/11

(info) IT Policy Forum, update on status, final call for team members.

03/2011 to
04/2011

Drafting charter, recruiting team members.

02/08/11

PPT Meeting 2011-03-08. PPT reviews results of forum discussion.

02/03/11

(info) IT policy forum. Presentations and discussion of ITransmit. Goal is to measure interest in the community for working on a possible ITransmit policy at this time, and if so, gather community input (and volunteers!)

01/20/11

Arranged speakers to provide background at forum.

01/11/11

PPT Meeting 2011-01-11. Decided to add ITransmit discussion to the Feb 3rd IT policy forum agenda.

12/15/10

Result of feedback: Not sure if policy is needed, but it's worth talking about.

11/18/10

Email inquiry IReport/IEncrypt Joint Implementation Team (IERJIT) requesting input on ITransmit. We need to query the IERJIT team because many of the original members of the IEncrypt team are no longer available for consultation. This also indicates that we will need to form a new team if ITransmit is to proceed.

11/10/10

PPT Meeting 2010-11-10. Discussion of ITransmit. How to proceed. PPT suggests discussing this with the IEncrypt team.

11/02/10

(info) Policy and Planning receives request for development of a policy on encryption of transmitted information. The question therefore arises: should ITransmit be separated from IRM for independent and faster action? Questions to consider include: Is there a compelling need to move forward sooner? Is there support for such policy from the community? Previous discussions (long list below) concluded otherwise, but that was a while ago and opinions may change.

03/11/10

PPT Meeting 2010-03-11. PPT reaffirms the current strategy that protection of transmitted information be addressed as part of the Information Resource Management (IRM) initiative (as part of a standard for protecting sensitive information.) For this reason, ITransmit is consolidated into IRM. There is still no data stewards group, however, and it looks like it could be awhile.

08/04/09

IT Policy forum. ITransmit it included in the FY 2009-2010 IT Policy plan as an initiative "less likely to become active", but is the highest priority among them.

06/01/09

(info) Effective date of IEncrypt policy. Attached compliance standards recommend (but do not mandate) encryption of sensitive information when transmitted. Note however, that PCI DSS and HIPAA do require encryption during transmission under certain conditions.

04/23/09

PPT Meeting 2009-04-23. PPT prioritizes possible IT policy initiatives for FY 2009-2010. When discussing ITransmit, the decision is to delay it until we know whether or not the Information Resource Management (IRM) initiative will result a more general policy that addresses protection of information during transmission. Estimate is that there is good chance IRM will address it, so a separate iniative would be redundant. For this reason ITransmit does not make the "cut" and is included among those initiatives "less likely to become active". See 03/26/2009 PPT discussion for the background on why this was done.

04/06/09

(info) IT Policy forum. Discussion and multi-voting for possible policy initatives for the next fiscal year places ITransmit in the "middle of the pack" with 6% of the votes. Several initiatives receive similar vote totals. See: Discussion Results from the 2009-04-06 Forum

03/30/09

Draft IT policy plan for FY 2009-20010 continues to list ITransmit among possible new initiatives, because we want to know how the community feels about the relative priority of that initiative, and also because the development of high level policy may take considerable time, and want to remain open to the possibility that faster action on ITransmit could be necessary.

03/26/09

PPT Meeting 2009-03-26. Spirited discussion of IT policy strategy. Two schools of thought: (a) development of high level policy first followed (only if necessary) by development of more detailed policy, vs. (b) simultaneous development of high level policy and some more detailed policies. We did not reach consensus. Practical result is to pursue both strategies: attempt to get high level policy first whenever possible, but continue to engage in more detailed policy development when sufficiently compelling needs arise.

03/16/09

ITransmit is included among the policy initiatives in the first draft of the IT Policy Plan for FY 2009-20010.

03/13/09

The team working on a Framework for Protection of Sensitive Information (PSIFramework) presents their recommendations to the CIO. Relevant to ITransmit the recommendations include adoption of a standard for protection of sensitive information, and development of high level data management policy, which is expected to include high level security policy. Of note: an adopted standard would address encryption of sensitive information during transmission. Thus, the question of protection of transmitted information is expected to be resolved as part of the more general discussion of high level policy and adopted standards.

12/17/08

(info) IEncrypt Meeting 2008-12-17. IEncrypt recommendations presented to the CIO. Document suggest that there be a recommendation (not a mandate) under the policy that: "Some form of encryption or secure network connection should be used whenever sensitive information is transmitted. However, there are specific types of sensitive information for which encryption during transmission is required (for example, credit card information under PCI DSS.)"

08/2008 to
11/2008

IEncrypt team continues to discuss encryption of transmitted information. Consensus forms that this should be recommended rather than required, because there will be many cases where it will not be practical to encrypt. Expense of obtaining large numbers of PKI certificates is among the several reasons why a mandate does not appear practical at this time.

07/30/08

IEncrypt Meeting 2008-07-30. Team suggests that: "Confidential information should be not be transmitted over public networks unless it is encrypted to maintain privacy." This is added to the draft recommendations dated 8/11/09.

Additional Pages

Contact

 

 

  • No labels