UAB has contracted with DriveSavers to provide data recovery services for the UAB
community. DriveSavers is the only data recovery company in the industry that undergoes
annual SAS 70 Type II Audit Reports and is HIPAA compliant, offering the highest level of data
security available. DriveSavers is also compliant with FAR 52.224-2 (Privacy Act), ISO 17799,
Sarbanes-Oxley Act of 2002 (SOX), the US government Data-At-Rest (DAR) mandate, the
Gramm-Leach-Bliley Act (GLBA) and the new regulation by National Institute of Standards and
Technology, NIST SP 800.34 (Rev. 1).
To view DriveSavers certifications, and learn more about Data Recovery Industry standards,
Desktop Web Conferencing / Microsoft Live Meeting
NOTE: Microsoft LYNC is coming! UAB will be converting from Live Meeting to Microsoft LYNC in the coming months. More information will be provided as systems become operational over the summer of 2013.
Microsoft Office Live Meeting is a conferencing solution that connects and engages audiences in online meetings, training and events through a reliable, enterprise class hosted service. With meeting attendees participating from their PCs, you can deliver a presentation, kick off a project, brainstorm ideas, edit files, and collaborate on whiteboards, all without the hassle and cost of travel.
Live Meeting helps users streamline communications from small collaborative meetings to large events.
Host Collaborative Meetings Quickly and Cost-Effectively
Train Employees and Partners, Conduct Large Audience Events
Engage Your Audience with Rich Media and Video Conferencing
Data Custodians must:
- Designate appropriate individuals with system administration responsibilities, ensuring that their role in securing the system is defined in their job description, and that they are trained in administration and security of the system.
- Ensure adherence to UAB guidelines and procedures for protecting data as found in IT Security Practices.
- Ensure compliance with all stipulations of this and other UAB policies and other legal and regulatory requirements including those related to dissemination of data (UAB's Information Disclosure and Confidentiality Policy) and disposal of computer equipment and systems (UAB's Equipment Accounting standards, and "Guidelines for secure disposal of media containing sensitive information").
- Ensure that risk assessments are performed (including disaster recovery plans, backup and contingency plans) as required by HIPAA for all PHI. Risk assessment is recommended for all other sensitive or mission critical data.
- Ensure that documentation of data resources created, used, or stored within their area of control is maintained.
- Ensure that systems containing sensitive information are physically secured from unauthorized access.
- Ensure that the department/unit follows procedures to mitigate all identified compromises or identified data security threats.
- Ensure that actual or suspected data security breaches, especially when involving sensitive data, are reported to the Data Security Office immediately and that any recommended corrective action is implemented.
- Ensure that non-UAB entities or contracted third party vendors handle data in accordance with UAB policies and procedures.