University Audit



Examples of controls to reduce the risks of data loss, unauthorized access, and unavailable systems:

  • Security of Mobile Computing, Data Storage, and Communication Devises, UCF Policy 4-007, and Data Classification and Protection, UCF Policy 4-008.

  • Access to sensitive and critical data is limited through user identifications and passwords.  Each user is assigned an appropriate access level.

  • User access is terminated when the employee leaves.

  • Passwords are not shared.

  • The system limits the number of unsuccessful password attempts.

  • Servers are protected from unauthorized physical access and environmental damage (fire, water, etc.).

  • Critical data is backed up daily, with backup stored off-site.

  • Servers are connected to an uninterruptible power supply system.

  • Each computer has up-to-date virus protection software.

  • Operating systems are updated for current security patches and applications are configured for security.   System administrator access is limited to a few persons.

  • The unit has developed and tested a continuity plan in the event of disaster or computer failure.  The plan includes a complete inventory of equipment and software, as well as detailed instructions for recovery.

Report a suspected data security breach to Chris Vakhordjian, Information Security Officer, at 407-823-3863 or

Click on the links below for examples of controls to mitigate risk:

Return to overview of Risks and Controls