Goal
Safeguard the confidentiality, integrity, and availability of information while enabling high-quality research and public communication.
Scope & alignment
Applies to all NCSU staff, contractors, interns, and vendors handling NCSU information. Aligned with national cybersecurity guidance, relevant laws, and international best practices.
Principles
Lawful, fair, and transparent processing; purpose limitation; data minimization; accuracy; storage limitation; security by design/default; accountability.
Classification
• Public – publishable.
• Official – routine internal.
• Confidential – sensitive operational/research.
• Restricted – highly sensitive (tight access, MFA, enhanced logging).
Research data
Use minimal necessary data, obtain appropriate consent/notice, prefer anonymization or pseudonymization, and publish aggregated outputs wherever possible.
Third-party processors
Due diligence on security/hosting; contracts covering confidentiality, sub-processors, incident reporting, and data return/deletion at end of service.
Incidents
Report suspected breaches immediately. We assess, contain, and remediate promptly, and notify affected parties/authorities where required.
Training & review
Mandatory onboarding and annual refreshers. This summary and our internal SOPs are reviewed at least annually or on material legal/risk changes.