OHR Information Security - Topics of Interest
Securing Personal Information on Printed Material
As an Office of Human Resources (OHR) staff member, Manager, or Administrative Officer at the NIH, you have access to many HR Systems that contain both sensitive data and Personally Identifiable Information (PII). You have been provided this access by your system security administrator because of the job duties that you perform. The HCG Information Security Committee wants to ensure that all users understand their responsibilities for protecting the confidentiality and integrity of the data they handle.
Below are a few common system tips for handling sensitive data and PII:
USAJOBS: In order to protect the social security numbers (SSN) of applicants, USAJOBS resumes should never be printed directly from the system. Instead, resumes should be emailed which strips social security numbers from resumes, and then they can be printed or saved.
HHS Careers:Hiring managers may view and print the applications online through the Certificate Review feature.SSNs are not displayed.
Capital HR: Avoid printing, filing or faxing SF-50s and SF-52s, or any other reports that display SSNs. Verify information on-line and use network drives and password protection to store files. Employees can access their own SF-50 information using eOPF
We do realize, however, that many of the documents you work with must be printed, faxed and filed, and that many of those documents may contain PII such as SSNs, addresses, birth dates and phone numbers. Here are a few quick tips to ensure that you are doing your part to keep personal information on printed documents secure:
- Collect printed information from shared printers, faxes and photocopiers promptly
- Keep documents containing personal information in files, containers or areas that are locked
- Restrict entry to areas where personal information is not locked
- Remove personal information from desk tops when it is not in use
- When discarding paper containing personal information, shredded it immediately!
Virtual Private Network (VPN)
The NIH virtual private network (VPN) is a network that uses the Internet to enable off-site users secure access to the NIH network. If you are tele-working you’ll need to ensure that you have VPN access. To do this:
- Complete the Remote Access Computer Security training module.
- WiTS Super User or Branch Chief must then send a WiTS ticket to HR Systems Support to request VPN access.
- Go to http://sdp.cit.nih.gov/downloads/vpn_tools.asp and download the appropriate VPN software (XP, Vista, Linux, Mac, etc.). Then, click on the link labeled “Full Client.”
- When the File Download box pops up, choose “Run.”
- When the download is complete, another box will appear and you’ll click on “Browse” and select your desktop. Next, click Unzip. 17 files will appear on your desktop—close the box with the Unzip option.
- Find the icon labeled “vpnclient_setup” and open the program. Follow the instructions in the installation wizard.
- After the software installs itself, a box will appear with the Cisco logo. Click the “Connect” icon in the top left corner.
- A box will appear for you to sign into the network. Then, type in your regular NIH login and password, just as you would use if you were in the office logging into your computer.
- Feel free to delete all of the icons that appeared on your desktop except for the shortcut icon that looks like a gold lock labeled “VPN Client.” You’ll use this icon to log onto the VPN network when you require off-site access.
