Skip to main content

IT Best Practices

Information Technology Best Practices

Purpose

This policy outlines information technology best practices and data retention guidelines for Roanoke College users. Following these best practices helps protect College data and systems.

Data Handling

  • Store College data on network shares (z: drive for your work files, x: for departmental) or OneDrive, not local C: drives.
  • Routinely clear your downloads folder. Do not store confidential data there, even temporarily.
  • Do not electronically share confidential data without approval for a secure transmission method through IT.
  • IT must approve any cloud services used for College data.
  • Institutional data should not be uploaded into generative AI applications.

Physical Security

  • Lock your workstation when stepping away.
  • Never leave sensitive documents or passwords visible.

Personal Computers

  • Do not use personal computers for College work while on campus.
  • Use VPN or remote desktop off campus.

Data Collection

  • Only use approved systems like Qualtrics, StarRez, Colleague, etc. for collecting College data.
  • Never request sensitive data like Social Security Numbers, birthdates, driver's licenses, and passports, etc. via email.

Contact IT to implement secure channels.

Passwords

  • Use long passphrases for passwords
  • Do not reuse passwords – you should not use the same password for personal accounts as you use for your Roanoke account

Email Security

  • Be cautious of phishing attempts. Verify senders before opening attachments or links.

Social Engineering

  • Be aware of impersonation attempts. Use caution when sharing sensitive info by phone/online.

Mobile Devices

  • Devices with College email or data must use passcodes/passphrases.

Remote Work

  • Use VPN to connect securely. Do not use public WiFi for College work.

Data Retention

  • Colleague _HOLD_ area is cleared out nightly
  • Server backups: 28 days
  • Zoom recordings: 1 year
  • Distribution lists audited and pruned periodically
  • Student worker accounts deleted yearly
  • Inquire courses archived after 2 years, deleted after 5 years
  • Print queues cleared after 56 hours
  • Form Builder data retained 28 months