SSN Exception Requests

According to SAP 29.01.99.M1.29 - Data Classification and Protection, information systems at Texas A&M are not allowed to store Social Security Numbers (SSNs). If an information system has a compelling business need to store SSNs, the information owner needs to submit an exception request.

To submit an exception request, email ciso@tamu.edu with the following information:

• Business and technical contacts
• Name of the information system (information systems can include multiple machines)
• DNS name of each machine in the system
• Business purpose for storing SSNs (e.g., State, Federal, Texas A&M regulations specifically require it)
• Mitigation against data loss (e.g., encryption)
  • Provide technical details, including encryption method and algorithm strength, if applicable.
•  Data life cycle
  
  • How do you receive the data?
  • What do you with the data while you have it?
  • How and when do you dispose of the data?
• Backups
  • What process is used to back up data?
  • What type of backup media is used and, if removable, how is media stored?
  • Are backups encrypted?

If you have questions, email ciso@tamu.edu.