» Home » Risk Management » SSN Exception Requests
SSN Exception Requests
According to SAP 29.01.99.M1.29 - Data Classification and Protection, information systems at Texas A&M are not allowed to store Social Security Numbers (SSNs). If an information system has a compelling business need to store SSNs, the information owner needs to submit an exception request.
To submit an exception request, email firstname.lastname@example.org with the following information:
- Business and technical contacts
- Name of the information system (information systems can include multiple machines)
- DNS name of each machine in the system
- Business purpose for storing SSNs (e.g., State, Federal, Texas A&M regulations specifically require it)
- Mitigation against data loss (e.g., encryption)
- Provide technical details, including encryption method and algorithm strength, if applicable.
- Data life cycle
- How do you receive the data?
- What do you with the data while you have it?
- How and when do you dispose of the data?
- What process is used to back up data?
- What type of backup media is used and, if removable, how is media stored?
- Are backups encrypted?