Networking and Information Security
Texas A&M University
Networking & Information Security

» Home » Risk Management » SSN Exception Requests

SSN Exception Requests

According to SAP 29.01.03.M1.29 - Data Classification and Protection, information systems at Texas A&M are not allowed to store Social Security Numbers (SSNs). If an information system has a compelling business need to store SSNs, the information owner needs to submit an exception request.

To submit an exception request, email ciso@tamu.edu with the following information:

  • Business and technical contacts
  • Name of the information system (information systems can include multiple machines)
  • DNS name of each machine in the system
  • Business purpose for storing SSNs (e.g., State, Federal, Texas A&M regulations specifically require it)
  • Mitigation against data loss (e.g., encryption)
    • Provide technical details, including encryption method and algorithm strength, if applicable.
  •  Data life cycle
    • How do you receive the data?
    • What do you with the data while you have it?
    • How and when do you dispose of the data?
  • Backups
    • What process is used to back up data?
    • What type of backup media is used and, if removable, how is media stored?
    • Are backups encrypted?
If you have questions, email ciso@tamu.edu.
Last Modified: August 22, 2013