/ Human Resources
Human Resources Information Systems
Carnegie Mellon University
4516 Henry St., UDTC Bldg.
Pittsburgh, Pennsylvania 15213

HUMAN RESOURCES DATA AND SYSTEMS SECURITY POLICY

I understand that in connection with my employment at Carnegie Mellon University, I will have access to confidential information, including personally identifiable information, within various information systems. These systems include, but are not limited to, Workday Human Capital Management (HCM), the Force Benefits Tuition solution, Taleo Recruiting, HR and Payroll archival databases, as well as other databases held in the Human Resources department.

I understand and agree that I am being given access to this information solely for the purposes of performing my duties as an employee of Carnegie Mellon, and that I will not access, copy, disclose or otherwise use this information for any other purpose not directly authorized by my supervisor or the Data Steward.[1] I agree to keep this information completely confidential and I understand that if I fail to do so, I will be subject to disciplinary action up to and including termination of my employment. I also understand that unauthorized and inappropriate disclosure or use of this information may subject me to liability under applicable civil and/or criminal laws. If I become aware that a breach of confidentiality has occurred due to my own or others’ acts or omissions, I will immediately notify my supervisor or the Data Steward.

I further understand that the following rules apply to my access to the information systems referenced above and the use of confidential information contained in those systems:

•When accessing restricted information, you are responsible formaintaining its confidentiality without exception. If confidentialinformation is released to you, you will maintain the confidentiality of that data and will not pass the information on to a third party without express permission from your supervisor or the Data Steward.

•The release of restricted information outside theguidelines established for such data is strictly forbidden,without the express approval of your supervisor or the Data Steward.

•Passwords should change every 90 days, or more frequently in cases ofuser ids with access to sensitive or restricted data.

•Users must never give out their personal password to anyone. The sharing of passwordsis a violation of this policy.

I have read and understand the Human Resources Data and Systems Security Policy.

______

Employee NameDepartment

______

Employee SignatureDate

[1]A Data Steward is a senior-level employee who oversees the lifecycle of one or more sets of institutional data. For more information please refer to the roles and responsibilities under the Information Security Policy, available at: