Data Encryption Transmission Policy

Policy Purpose

This policy defines the encryption of data traversing the campus network.

Policy Statement

It shall be the policy of the University of Arkansas-Fort Smith to encrypt the transmission of highly sensitive or critical data using secure protocols or applications.

Applicability

This policy applies to all University employees, contractors, and vendors.

Definitions

None Applicable

Policy Procedure

1. Emails transmitting sensitive or critical data must be encrypted by email encryption software. UAFS currently uses Microsoft Office 365 encryption to encrypt emails. If for any reason, Microsoft email encryption is not working or unavailable, then attachments containing sensitive or critical data must be zipped and encrypted with a strong password. The password should not be included in the same email. Best practice is for the password to be transmitted via phone or in person.
2. Data containing sensitive or highly sensitive data sent via the campus network and/or through the internet should only be uploaded or downloaded using secure protocols such as HTTPS or SFTP. Secure protocols should conform to current industry best practices in ciphers and cryptographic protocols.

Enforcement

The IT department shall monitor data using available up to date technology.

Policy Management

This policy is managed by the IT department. The IT Director and appointed IT personnel are the primary administrators of this policy. The responsible executive is the VCFA.

Exclusions

None Applicable

Effective and Approved Date

This internal policy was approved by Terry Meadows – Director of IT/CIO on 5/17/2017

Last Updated

10/3/2025 – Reformatted for accessibility by Terry Meadows Director of IT/CIO