To promote adherence to this rule by all NMSU entities, NMSU may take reasonable and necessary action to assess Data security and to monitor compliance efforts. The Offices of the Chancellor, IT Privacy and Compliance or the Chief Information Officer may authorize NMSU staff or consultants to utilize IT auditing technologies to scan IT systems, including the NMSU network, servers, databases, applications, cloud storage, and other computing devices. This provision does not limit nor affect the authority of the university’s Office of Audit Services to conduct independent internal audits.
- The IT auditing technologies to be used may include programs and utilities that allow for programmatic inspection of Data access, security, use, modification, maintenance and disclosure permissions.
- The results from automated scans may be centrally correlated for analysis in a secure environment. These technologies are not to be used to read the full context of the Data, but rather to match established Data use patterns.
- Information gathered through periodic auditing will maintained confidentially, to the extent permitted by law.