Computer Loss or Stolen Procedure

  1. Palm Beach State Campus Security must be immediately notified when any college employee notices that their college provided computer is missing or any college-owned computer is missing. The notification is required immediately and in no case should the notification be delayed for any reason by more than 24 hours.
  2. If the computer loss occurs off-campus, the College employee must contact the local police to report the theft and obtain a police report. In addition, the employee must report the loss to the College Campus Security as specified in #1 above and provide a copy of the police report.
  3. Upon receiving notification of a missing computer, Security will immediately contact the Service Desk to report the loss and acquire the equipment make, model, serial number and the College asset tag information necessary to complete the incident report.
  4. The Service Desk will provide e-mail notification of the missing computer to the VP of Information Services, the CIO, the IT Directors,  and VP of Administration & Business Services.
  5. Security will notify Facilities of the computer loss for inclusion in the Board Missing Property Report.
  6. Within 24 hours of the reported loss, the primary user of the missing computer must provide a written and signed response to the following questions (form will be available online):
  • Was there any student data on the missing computer such as class rosters, grades, identifying financial information, etc…?
  • Was there any financial information, college related or personal on the missing computer?
  • Was there any Palm Beach State employee information on the missing computer?
  • Was there any stored reports with personal or identifying information on the missing computer?
  • Was there any saved passwords, College or other on the missing computer?
  • Was there any additional sensitive and identifying data on the missing computer that was not addressed in the previous responses?

  1. If yes is answered to any of the questions asked in step #5 above, the employee will provide as much detail as possible regarding the information on the computer,including the most recent backup of the computer, so Information Technology can assess the extent of the data loss.
  1. The college’s Information Security Officer (ISO) will work with the employee to identify the data at risk. The ISO will notify the Chief Information Officer and VP of Administration & Business Services to determine if the college must notify the Florida Community College Risk Management Consortium (FCCRM) to place the college’s Cyber Risk Insurance carrier on notice of the breach and begin the notification process required under Florida Statute 817.5681.
  2. The Director of IT Customer Support will notify the college’s computer asset recovery service vendor of the loss so they can initiate a data wipe of the disk drive and recovery tracking when the computer appears on a network.
  3. Palm Beach State Security will contact the Provost at the campus, and/or the vice president of the area the computer was assigned if a district computer, to report the incident.
  4. Information Technology will work with Palm Beach State Security and law enforcement to attempt recovery of the equipment.
  5. Replacement of the missing computer will be determined based on the circumstances and need. Replacement must be authorized and approved by the VP of Administration & Business Services prior to a replacement unit being issued.

Details

Article ID: 53058
Created
Tue 5/1/18 11:51 AM
Modified
Tue 9/25/18 4:59 PM