 |
 |
I'm curious as to if anyone knows anything about a "Survey" being conducted by a consultant brought on by "University Systems" inquiring about specifics of domain hosted websites? I know I'm a paranoid person (as most people in IT are) so I'm looking to see if anyone else has gotten an email like the one below. Good Afternoon, You have been identified as a technical contact for MSU hosted site domain: " " To complete our documentation update, please take a moment to answer the following questions to the best of your ability? If it is easier to meet in person please let me know and I can make arrangements to meet where convenient for you. Thank you in advance for your assistance. 1. What is the approximate date the website was created? 2. What is the website mainly used for? 3. What is the frequency of use/visitation for the website? a. Daily b. Few times per month c. Few times per year d. Other: _____________________________________________________________ 4. What type of database is used in this website if applicable (for example: MySQL, Access, etc.?)? If applicable what is the database version? 5. Does this website collect or display Social Security Numbers? a. Yes b. No c. Other:____________________________________________ 6. HIPAA Data: Please highlight any of the data points that this website collects/stores, or displays online. (Leave un-highlighted if you do NOT collect/store, or display) a. Patient Name b. Patient Address c. Patient City d. Patient State e. Patient Zip f. Patient Clinical or Diagnostic Data g. Patient Date of Birth h. Other (please provide any additional detail if applicable):________________________________________________________________ ____________________________________________________________________________ _____ 7. FERPA Data: Please highlight any of the data points that this website collects/stores, or displays online. (Leave un-highlighted if you do NOT collect/store, or display) a. Student Name b. Student Address c. Student City d. Student State e. Student Zip f. Student Grades g. Student Date of Graduation h. Student Date of Attendance i. Student Enrollment Record j. Student Schedule k. Student Class List l. Student Ethnicity m. Other (please provide any additional detail if applicable):________________________________________________________________ ____________________________________________________________________________ _____ 8. PCI Data: Please highlight any of the data points that this website collects/stores, or displays online. (Leave un-highlighted if you do NOT collect/store, or display) a. Primary Credit Card Account Number b. Credit Card Holder Name c. Credit Card Service Code d. Credit Card Expiration Date e. Credit Card Full Track Data f. Credit Card CAV2/CVC2/CVV2/CID g. Credit Card PIN h. Other (please provide any additional detail if applicable):________________________________________________________________ ____________________________________________________________________________ _____ 9. Website Security: Please highlight any of the data points that this website has in place. (Leave un-highlighted if you do NOT have in place) a. Site uses https in the URL b. Site requires users to authenticate c. Site has password obsolescence in place d. Site has data encryption in place e. Site has 2 factor authentication in place f. Site has access control list on folders g. Other (please provide any additional detail if applicable):________________________________________________________________ ____________________________________________________________________________ _____ 10. Accessibility: Has this website been updated to meet the current WCAG 2.0 Accessibility Standards? a. Yes b. No Tim Heckaman IT Administrator 517-884-0362 MSU Surplus Store & Recycling Ctr. 468 Green Way. East Lansing, MI 48824