We strongly encourage the adoption of Single Sign-On (SSO) for all campus-related applications, especially those handling sensitive information. SSO provides centralized visibility and control over client access, making it easier to demonstrate compliance with regulatory requirements such as GDPR, HIPAA, and FERPA. Audit trails and logs can be generated to track user activity and access to sensitive data.
IT Security
It is crucial that ChatGPT and other generative AI tools are used with caution and do not put Rensselaer data at risk. Confidential and Internal Use data, as defined in the Information Classification policy, cannot be put into any of these tools unless a vetted contract is in place through procurement to ensure proper data security and privacy.
Additionally, all use cases should be consistent with the Cyber Citizenship Policy.
The stance of the Information Security Office within DotCIO is that access to Rensselaer data and systems for business operations should only be through Rensselaer owned and managed devices with appropriate security controls and configurations. Please review the Information Classification Policy; by policy, personally-owned devices cannot not be used to store confidential data.