Editor's notes:
POLICY TITLE: Carnegie Mellon Data and Computer Security (Confidentiality of Administrative Data)
DATE OF ISSUANCE: This policy was originally issued in May 1990 as Chapter 1,
Volume 7 of the Carnegie Mellon Policy Library. The information in this policy was most recently updated in April 2001.
ACCOUNTABLE DEPARTMENT/UNIT: Computing Services.
Questions on policy content should be directed to Joel Smith, Vice Provost and CIO, x8-2649, joelms@andrew.cmu.edu.
ABSTRACT: This policy secures and protects administrative data
in university-owned computing systems and addresses broader
issues of the rights and responsibilities of
authorized persons in the handling, as well as the security and protection, of
university data.
Data and Computer Security
(Confidentiality of Administrative Data)
Policy Statement
Access to data residing in administrative systems and applications at Carnegie
Mellon University is to be granted only to those individuals who must, in the
course of exercising their responsibilities, use the specific information. Access
to administrative data will be granted to university employees only. With special
permission, a student may access data if the data pertains to that student or if
that student is also an employee of the university. Individuals outside the
university can be authorized access to university data only if that authorization
is granted by an Executive Officer of the university.
Access and update capabilities/restrictions will apply to all administrative
data, data stored on the Administrative Computing and Information Services (ACIS)
computers and on mini-computers and micro-computers across campus. Security
measures apply to administrative systems developed and/or maintained by
university departments or outside vendors.
This policy only covers administrative aspects of academic and research units.
Reason for Policy
Carnegie Mellon University maintains data which are essential to performing
university business. These data are to be viewed as valued resources over which
the university has both rights and obligations to manage, secure, protect, and
control. This policy secures and protects data defined as administrative data
stored in and accessible by university-owned computing systems and accessible by
university employees in their official university capacities. In addition, this
policy addresses the broader data issues of the rights and responsibilities of
authorized persons in the handling, as well as the security and protection, of
university data.
Contents
The following topics are addressed in the "Procedures" and "Special
Situations"
sections of this policy:
Topic
Who Does This Policy Apply To?
- Employees
- Alumnae(i)
- Students with special permission
- Trustees
- Authorized persons with interests in:
- University Finances
- Education/Instruction
- Research
- University Facilities
- Employee Data
- Student/Alumni Data
Related Documents
University Policies:
Definitions
These definitions apply to these terms as they are used in this policy:
Access capability
Authority granted to an individual which allows viewing of
data residing in a computer system file. Access capability is generally managed
through assignments of a user id and password.
Administrative data
Any data related to the administration of Carnegie Mellon
University. This includes data used by both the central administration and the
administrative units of the various colleges and departments.
Administrative systems and applications
Any computer system/application
programming which supports administrative activities of the university. This
includes systems or applications supporting both the central administration and
the administrative units of the various colleges and departments.
Campus-wide access information
Information intended for campus use and not for
external distribution. Unauthorized distribution of this information to external
sources by any university employee is considered an abuse of privileged
information.
Administrative Computing Security Committee
Group appointed by the president
and responsible for the administrative computing security environment at the
university. The group reports to the Assistant Vice President, ACIS.
Data Security Officer
The employee responsible for evaluating and monitoring
system access. Evaluates requests for access to application databases.
Data Owner
The employee responsible for the data in the system, e.g., a
division or department head. Responsibilities include evaluating/approving
requests for access to specific data or groups of data.
Public information
Information that is available or distributed to the general
public either regularly or upon request.
Restricted information, moderately sensitive/highly sensitive
Information
intended for use only by individuals who require that information in the course
of performing their university responsibilities, or information protected by
federal and state regulations. Requests for access to this information must be
authorized by the applicable department head AND dean/division head. If
restricted information is to be accessed across multiple divisions or
university-wide, the applicable vice president(s) or the provost must authorize
its access.
university
Carnegie Mellon University including its colleges, academic and
administrative departments and research units.
update capability
Access capability which allows an individual to alter, add or
delete data in a computer system file.
user id
Character string which identifies an individual to a computer system,
enabling access and/or update capabilities.
In order to control access and update capabilities, an individual residing in the
user area responsible for the specific application will be designated as the Data
Owner. This individual performs in a supervisory or managerial capacity and is
responsible for the data residing in the designated system. The responsibilities
of the Data Owner are to:
- Ensure proper operating controls over the application in order to maintain a
secure processing environment;
- Ensure accuracy and quality of data residing in application;
- Approve all requests for access to and update capability for the specific application;
- Ensure system issues impacting the quality of data within the system
are properly reported and adequately resolved.
On an annual basis, the Data Owner and the Data Security Officer will review the
current set of access and update capabilities granted to each individual on the
system in order to ensure that no changes are necessary.
Table 1 - Data Owners by Application
| Application | Data Types | Data Owner(s) |
|---|
| Admissions, Graduate | Prospects, Applicants, Admitted |
Dean, Graduate Schools Department Heads |
| Admissions, Undergraduate | Prospects, Applicants, Admitted |
Director, Admissions |
| Budget | Financial | Asst VP,
Budgets |
| Career Services | Students | Director, Career Center |
| Oracle Financials | Financial | Asst VP
Finance, Asst Provost, Research |
| Commencement | Students |
Director, Enrollment Services |
| Computer Billing | Financial |
Vice Provost, Computing Services |
| Degree Audit | Students | Department Heads |
| FCE | Faculty |
Asst VP, Planning |
| Financial Aid | Student Financial Information |
Director, Enrollment Services |
| Gift Accounting and Alumni System | Alumni, Friends, Corporations,
Foundations | Director, Development Information Services |
| Housing | Students Facilities | Director of Housing Services |
| Human Resource Information System | Personnel, Applicants Salary,
Appointments |
Asst VP, Human Resources,
Asst VP, Financial Services Group |
| Inventory Control | Supplies | Asst VP, Business Services |
| Work Order Management | Facilities Maintenance |
Asst VP, Facilities Mgt |
| Parking | Facilities Financial | Asst VP, Business Services |
| Design/Construction | Facilities, Plans |
Asst VP, Facilities Mgt |
| Property Management (PAS) | Capital Assets | Asst VP, Finance |
| Student Accounts Receivable | Tuition, Student Fees |
Director, Enrollment Services Asst VP, Finance |
| Space/Facilities Database | Facilities | Asst VP, Planning |
| Student Information (including QSIS) | Students Courses Facilities Records |
VP, Enrollment Services |
| Telecommunications | Facilities Financial | �
Director, Telecommunications |
In addition to the Data Owner, others will process and handle data in the course
of the administrative cycle. They too will be responsible for the security of the
data. These individuals and divisions include:
Data Security Officer
The Data Security Officer is responsible for all systems-related security issues
associated with a particular application. A Data Security Officer will be
appointed by the Assistant Vice President, ACIS, for each application and will act as the contact person for
establishing, altering or deleting computer user ids and determining data access
needs within a system.
Administrative Computing and Information Services is responsible for the design,
programming and maintenance of administrative applications. In designing or
updating systems, Administrative Computing and Information Services must be aware
of any security impacts of such designs and ensure that proper security control
is programmed into each application to provide a secure computing environment and
adequate protection of data. The Data Security Officer must convey
application-specific security needs to the Assistant Vice President, ACIS.
Computing Systems
Computing Services maintains and operates the equipment upon which most
central server administrative applications reside. It is the responsibility of
Computing Services to ensure adequate physical security over such equipment,
restrict equipment access to authorized personnel only, and adequately assure
that output containing confidential information is properly safeguarded.
Responsibilities also include maintenance of operating system-level security
specific to the computing equipment under their jurisdiction.
Administrative Computing Security Committee
The Administrative Computing Security Committee, is responsible for the maintenance of a secure administrative
processing environment at Carnegie Mellon. The committee formulates overall
policy, addresses issues impacting computer security, and reviews situations
involving violations of computer security policy.
Because different types of data require different levels of security, data is classified into four categories: Public Information,
Campus-Wide Information, Restricted Information - Moderately Sensitive, and
Restricted Information - Highly Sensitive. Each category is explained below. For
detailed examples of accessibility by data type, see the Appendix,
Table 2.
Public Information is available or distributed to the general public either
regularly or upon request.
Campus-Wide Information is intended for campus use and not for external
distribution. Distribution of this information to external sources by any
university employee without proper approval is considered an abuse of privileged
information.
Restricted Information - Moderately or Highly Sensitive is information intended
for use only by individuals who require that information in the course of
performing their university responsibilities or information protected by federal
and state regulations. Requests for access to this information must be authorized
by the applicable department head AND dean/division head. If restricted
information is to be accessed across multiple divisions or university-wide, the
applicable vice president(s) or the provost must authorize its access. In some
instances, the president may be required to authorized access to restricted
information.
Operating Systems
Operating Systems used for administrative computing will provide for, at a
minimum, the following security features:
- Discretionary access controls, where individual users can be included/excluded
from accessing files and other objects or from achieving certain forms of access
(
READ, WRITE, EXECUTE, DELETE, CONTROL).
- Prevention of disk scavenging (obtaining disk space that contains another
user's data).
- Notification to the data owner/computer operator/data security officer of
security breaches (unauthorized attempts to access certain files or the system).
Maintenance of an audit record of security events, as well as authorized or
unauthorized file access.
- Ability to audit changes to user id files and mounts/dismounts of disks and
tapes.
- Ability for idle terminals logged into applications to be disconnected after a
15-minute period.
- An encryption system to provide a high level of security for sensitive data
transmission files.
- Login features such as
- Automatic disconnection on multiple login failures
- Break-in detection and disabling user ids for a period of time after detection
- Automatic id expiration - Access restrictions based on user id, time of day and
day of week
- Control over dial-up or network access to restricted data and
systems
Database Management Systems
Database management software used in administrative application development will
have the following features:
- Ability to designate the database "private" or "public"
- Access capabilities which can be restricted at the table and field levels
- Access capabilities which can be restricted based on user, time of day, day of week
- Audit trails/journals which record important system activity
- Control checkpoints
Applications
Applications developed in-house or purchased from a third party will be examined
to determine:
- Security features used by the software (such as secondary passwords, captive
user ids, etc.)
- Security enhancements or improvements needed to meet
acceptable security levels.
- Interaction with other systems and related security implications.
The Data Security Officer and Administrative Computing and Information Services
should examine application-level security on a system-by-system basis. Because of
the complex interaction with other applications, the operating system, the
underlying databases, as well as the needs of the user community and the nature
of the data, there are many intervening factors which preclude an overall policy
for application-level security. The security features of any new software will
always be considered a priority in the selection and development of such
software.
Network
Interactive access to applications occurs in many ways, e.g.:
- Terminal attachment to systems via a local area network
- Direct attachment to the serial lines
- Internet or web-based access
Terminals attached via networks are susceptible to monitoring and their passwords
are insecure. Any local area network must be physically secure and is the responsibility
of each person authorized to access administrative information to ensure the physical
security of the local area network on which they operate. The login process should
transmit only encrypted passwords across the network. Unauthorized persons shall not be
permitted to access portions of the networks being used for transmitting university
administrative data.
Periodic review and correction of network security weaknesses are undertaken
jointly by the Administrative Computing and Information Services (ACIS) Department and
the Data Communications Department of the Division of Computing Services. All
weaknesses and security breaches will be reviewed by the Assistant Vice President, ACIS.
Backup and recovery procedures must be developed and maintained for all
administrative computing systems and data. The following requirements must be
met:
- Provisions for regular backup of data residing on the system.
- Storage of backup media at a location remote from the processing center.
- Approved Disaster Recovery Plan written and implemented to cover situations in which
hardware and/or software cannot run in its normal environment.
The Data Security Officer should periodically review backup and recovery
procedures to ensure their continued applicability.
Passwords are a critical component to any computer security program. To properly
control passwords and maintain their integrity, the guidelines below will be
followed:
- Passwords will automatically expire every 90 days, or more frequently in cases
of user ids with access to very sensitive data.
- Users must never give out their
personal password to anyone; sharing of passwords is a violation of this policy.
- As part of the educational process, the Data Security Officer will provide
users with guidelines for selecting and changing their passwords.
- A password
monitoring program will run weekly to check for insecure passwords. For
example, the program would check to see if the user's first, last or middle name,
user id, or other common words like "system," are used as passwords. If a user is
found to have an insecure password, the program will notify them to change it. If
the password has not been changed within one week, the user will again be
notified, and the Data Security Officer will also be notified.
Generic user ids will not exist, except as the source for the production,
maintenance, and development of application systems. In cases where many people
log in under a single user id, audit trails and system statistics become
ineffective in assigning responsibility.
Appropriate operating system security alarms will be activated, and available
auditing tools will be in use.
When an employee terminates employment with a department or the university,
follow the guidelines below.
- Immediately change or remove the passwords for those user ids to which an
employee leaving the university has had access or update capabilities. This
standard practice serves to protect the employee in the event of any problems and
the university systems against possible tampering. Monitoring such user ids is
primarily the responsibility of user area management, with assistance from the
Data Owner and the Data Security Officer.
- When an employee's termination is processed by the Human Resource Information
System, the Computer Billing System will automatically receive notification. Upon
receiving this notification, the user id will be suspended, and the Data Security
Officer will be alerted so that any necessary files may be retrieved and the user
id is deleted. Reinstatement will require the same level of authorization as
establishing a new user id.
If you wish to gain access to administrative data, follow the steps below:
- Complete a Request for Data Access form. Make sure that you
and your immediate supervisor have signed the form.
This form certifies that access to the specific application or data sets is
related to the completion of your work responsibilities.
- Send the form to the Data Owner who reviews the form and evaluates the request
with respect to the data that will be made available.
If your request is approved by the Data Owner
- The Data Owner signs the form as evidence of approval.
- The form is forwarded to the Data Security Officer.
- The Data Security Officer reviews the form and ensures that the action to be
taken will not breach data security from a systems perspective. The Data Security
Officer is also responsible for identifying the most appropriate method of
granting your request.
- Upon approving the request, the Data Security Officer will initiate the proper
action through either the Accounts Coordinator or Administrative Computing and
Information Services to physically set up your user id on the specific system
and/or application.
- Once this process has been completed, you will receive a new user id and
password, along with the original request form and any necessary instructions.
If your request is denied by the Data Owner or the Data Security Officer
- The form will be returned to you with an explanation of the reason(s) for
rejection.
- If you have been denied access, you may appeal to the Administrative Computing
Security Committee for review. The judgment of the committee is final in all
cases.
Requesting Access to Restricted Information
- Requests for access to restricted information for a department or a division
must be authorized by the applicable department head and dean/division head.
- Requests for access to information for multiple divisions or university-wide
must be signed by the provost or appropriate vice president. Authorization is to
be granted to employees who have job responsibilities requiring the information
requested.
- State whether you require one-time access or continual access.
Sometimes when you request authorization to access data, you may also want to
request the ability to update data within an administrative application. The
responsibility for approving such capabilities rests solely with the Data Owner.
In general, such update capabilities are to be limited to individuals working in
the organizational area(s) supported by the specific application or system, e.g,
only Payroll Office and Benefits Office staff members may update data within the
Human Resource Information System. It is important to emphasize that data update
capabilities will be limited to those who require the capabilities to
successfully meet their job responsibilities.
The Data Security Officer ensures that update capabilities are made available
only to authorized users and that data not authorized for update will be
satisfactorily protected.
When new applications are being developed or significant changes are being made
to existing systems, general guidelines will be established to define who should
have data update capabilities.
If you are denied data update capabilities
You can appeal that decision to the Assistant Vice President, ACIS.
The decision in these cases is final.
Just as care must be exercised in granting access or update capabilities to
administrative data/systems, such care must also be extended to the distribution
of administrative information generated by the university's administrative
systems.
The Data Owner is responsible for determining:
- Which data within administrative
systems are appropriate for distribution.
- The audience for distribution.
- The methods and timing of distribution.
The Data Owner must ensure that:
- The information distributed is in
compliance with any regulatory requirement (e.g.,
Buckley amendment) or
university policy (e.g., employee salaries are not made available to the public).
- The distribution methods or non-system data storage (i.e., paper or
diskettes) provide adequate security over the information contained on the
particular media.
The Data Security Officer provides assistance in coordinating security measures
over data distribution with Computing Systems and Administrative Computing and
Information Services personnel.
In the course of accessing data or information, you might access restricted
information within the particular database. It is the responsibility of the Data
Owner to ensure that all individuals with access to restricted data are aware of
the confidential nature of the information and the limitations, in terms of
disclosure, that apply.
- When accessing restricted information, you are responsible for maintaining
its confidentiality. The granting of a user id and password assumes that you will
maintain confidentiality over appropriate information without exception.
- The release of restricted data without the express approval of the Data
Owner or outside the guidelines established for such data will not be tolerated.
- Unauthorized release of restricted information will result in appropriate
disciplinary action, including possible dismissal. All matters involving
university employees will be reviewed with the assistant vice president for human
resources and/or the provost. Matters involving students will be reviewed with
the dean of student affairs. Matters involving individuals not affiliated with
the university will be reviewed with the university attorney.
If you are aware of possible breaches in administrative data/computer security,
you are strongly encouraged to report such occurrences to the Assistant Vice President, ACIS. Such reports will be held in strict confidence and
promptly investigated by the committee. Likewise, Data Owners and Data Security
Officers are responsible for reporting security breaches identified during the
course of their responsibilities to the Administrative Computing Security
Committee.
Upon notification of possible security breaches, the Administrative Computing
Security Committee will investigate all facts related to the situation and
recommend appropriate disciplinary action to university management. All matters
involving university employees will be reviewed with the assistant vice president
for human resources and/or the provost. Matters involving students will be
reviewed with the dean of student affairs. Matters involving individuals not
affiliated with the university will be reviewed with the university attorney.
All individuals with responsibility over or access to administrative data at
Carnegie Mellon are expected to follow the policies and procedures in this
document and to exercise discretion with regard to such information. Any
university employee, student or non-university individual with access to
administrative data who engages in unauthorized use, disclosure, alteration or
destruction of data in violation of this policy will be subject to appropriate
disciplinary action, including possible dismissal and/or legal action. The
following steps will be taken:
- Upon the identification of a potential breach of security or a misuse of
information, the Administrative Computing Security Committee will meet to review
the specific situation.
- The Committee will present a recommendation to university management for
action. All matters involving university employees will be reviewed with the
assistant vice president of human resources and/or the provost. Matters involving
students will be reviewed with the dean of student affairs. Matters involving
individuals not affiliated with the university will be reviewed with the
university attorney.
Responsibilities
The following table shows the responsibilities each party has in connection with
this policy.
You (individual requesting access)
- Complete Request for Data Access form.
- Get required signatures for form.
- Use system, application and data responsibly.
- Maintain data confidentiality of restricted data.
- Report incidents of possible security breaches.
Administrative Computing Security Committee
- Reports to the Administrative
Computing and Information Services Executive Steering Committee.
- Ensures maintenance of a secure processing environment.
- Recommends university policy
regarding administrative data and computer security.
- Addresses issues impacting computer security.
- Reviews situations involving violations of computer security policy.
Administrative Computing and Information Services
- Designs, programs, tests, and/or maintains administrative applications.
- Analyzes security impacts of programs.
- Ensures that proper control is built within a system to
provide a secure computing environment and to protect data.
Assistant Vice president, ACIS
- Appoints and/or approves Data Security Officers.
Computing Systems
- Operates the equipment on which most of the administrative applications reside.
- Ensures adequate physical security over the equipment.
- Ensures proper processing of administrative applications
within user-established timetables.
- Assures that output containing restricted information is properly safeguarded.
- Maintains security at operating system level specific to
the various types of machinery.
Data Owner
- Determines what data are appropriate for distribution and
update.
- Ensures proper operating controls over the application to maintain a
secure processing environment.
- Ensures accuracy and quality of data residing in application.
- Approves all requests for access to and update capability
for the specific application.
- Ensures system issues impacting the quality of
data within the system are properly reported and adequately resolved.
- Reviews annually, in conjunction with the Data Security Officer, the current
set of access capabilities granted to all individuals on the system to ensure
that the status is current and accurate and that no changes are necessary.
Data Security Officer
- Evaluates and controls all system access.
- Acts as contact person for the establishment, alteration or deletion of computer user
ids and data access needs within a system.
- Evaluates and resolves all systems-related security issues
for a particular application.
- Provides guidelines for system security, e.g., changing passwords.
- Reviews annually, in conjunction with Data Owner, the current set
of access capabilities granted to all individuals on the system.
Department Head/Supervisor
- Communicates specific security needs to
Administrative Computing and Information Services.
- Communicates employee terminations and status changes immediately to
Data Security Officer to ensure proper deletion/revision of user ids, access
and update capabilities to administrative applications.
Contacts
Questions about information in the Data and Computer Security Policy should be
directed to the following people:
Contact
Joel Smith, Vice Provost and CIO
Telephone
(412) 268-2649
Electronic Mail Address
joelms@andrew.cmu.edu
Appendix
The following table lists the different data types and their accessibility
status. Data types are explained in detail in Table 3.
Table 2 - Accessibility of Data by Type
| Data Type | Public Information | Campus-Wide Information |
Restricted, Moderately Sensitive | Restricted, Highly Sensitive |
|---|
| Employee Data | Government forms requiring salary data; (IRS Form 990) University Information |
None | Appointment Information Non-salary-related
benefits enrollment information Biographical Information Employee Information
Salary Surveys | EEO Information by employee Salary Information
by employee Termination/Disability Information by employee |
| University Finances | Annual Reports | Internal Annual Reports
Quarterly Reports | Financial data by operating unit | None |
| Facilities | None | Building Use Information (Fact Book)
Building Floor Plans | Building Maintenance Information | None |
| Students | Directory Information as identified in the university
policy on Privacy Rights of Students |
None | Biographical Information Academic Information |
Financial Aid Information Parents' Financial Information
Student Accounts Receivable Information Student's Payment Information
Career Service Information |
| Alumnae(i) and Friends | None | None | Biographical Information |
Gift and Pledge Information Financial Information Employment Information
Biographical Information for Friends |
| Education and Instruction | Programs Offered Degrees Offered
Courses Scheduled | Faculty Course Evaluation Results |
Instructor Information | None |
| Research Activities | None | None | Proposal Information |
None |
Table 3 - Examples of Data Types, Specific Information per Data Types
Data about Employees
Appointment Information - Non-salary-related
- Appointment Begin Date/End Date
- Change Type
- Entry Date
- Department Number
- Budget Line Number
- % Full-Time/Normal Hours
- Work Study Indicator
- Authorized Centers
- Contractual Joint Appointment Indicator/%
- Primary Appointment Indicator
- Directory Indicator
- Courtesy Indicator
Benefits Enrollment/De-enrollment Information
- Plan Name/Subplan Name/Coverage
- Dependent Information
Biographical Information
- Social Security Number
- Name
- Birth Date
- Marital Status
- Home Address
- Home Phone
- Directory Indicator
EEO Information
- Race
- Sex
- Veteran Information
- Disability Information
Employee Information
- Full-Time/Part-Time Status
- Employment Status
- Relationship
- Employment Date
- Leave of Absence Type
- Leave of Absence Begin Date/End Date
- Tenure Code and Date
- Union Code and Seniority Date
- Visa Type
- Visa Country
- Visa Expiration Date
Salary Information
- Tax Type
- Salary Amount
- Amount Type
- Pay Method
- Shift Differential 2/3
- Check Distribution Number
- Budgeted Salary
- Salary Grosses, Taxes and Net Pay
- Salary Deductions/Reductions
- Distribution Information
- Direct Deposit Information
- Job Class Code/Name
Termination/Disability Information
- Termination Date
- Termination Type
- Disability Type
University Information
- Directory Title
- Home Department Name/Number
- PAN Mailing Department Name/Number
- University Address
- University Phone
- Computer ID
Data about Facilities
Building Use Information
- Building Description
- Floor
- Room Number
- Use Code
- Detail Code
- Area (sq footage)
- Departments Controlling Space
- Program Classification Codes
- Percentage Splits
- Department or Program Classification Codes
Building Maintenance Information
- Maintenance Work Performed
- Work Order Costing
- Work Order Charges
Data about Students
Biographical Information
- Social Security Number
- Student Name
- Address
- Birthdate
- Sex
- Race
- Parent Information
Academic Information
- Courses Taken
- Grades
- QPA
- Standardized Test Scores
Financial Information
- Charges
- Payments
- Parent Financial Information
- Financial Aid
- Housing Information
- Food Services Information
Career Services Information
- Career Interests
- Employment Qualifications
- Employment Plans
- Positions Offered
- Salaries Offered
Data about Alumnae(i) and Friends
Biographical Information
- Social Security Number
- Name
- Address
- Marital Status
- Spouse Name
Financial Information
- Employer
- Salary
- Gifts to University
- Pledges to University
Data about Education and Instruction
Course Schedule Information
- Course
- Section
- Instructor
- Units
- Restrictions
Instructor Information
- Social Security Number
- Name
- Teaching Load
- Faculty Course Evaluations
Data about Research Activities
Proposal Title
Principal Investigators
Date of Funding
Amount and Distribution of Funding
Duration of Funding
Subject Information
[Policies Home Page]