The Wayback Machine - https://web.archive.org/web/20180222061757/http://www.upenn.edu:80/computing/security/spia/index.php
Penn Computing

Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

 

Thursday, February 22, 2018
 
  New Resources
Security Logging Service
Travel Tips for Data Security
Free Security/Privacy Training Resources
Penn+Box
Two-step verification
Combating Malware
SafeDNS
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
 
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Spam
Phishing
Wireless Networking
Encryption
 
  Best Practices
Standards
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
 
  More in-depth information for
Local support providers
System administrators
 
  Security initiatives
Critical Component compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
 
  Related links
Electronic privacy
PennKey
Viruses
Worms, trojans, backdoors

Security and Privacy Impact Assessment (SPIA)


Why do a Security and Privacy Impact Assessment (SPIA)? Who will it benefit? The SPIA process is one that supports schools, centers, business units, and the university as a whole. More importantly the process will help protect our students, patients, research subjects, and employees by ensuring the information entrusted to Penn is protected and used only for their intended purposes. Completing such an analysis is extremely important in today's technologically advanced world. Users should understand what risks exist in their environment, and how those risks can be reduced or even eliminated.


Provided at the links below are instructions and guidance for the SPIA Web Application along with a link to the SPIA Web Application itself. In order to access the SPIA Web Application, you will need to be designated as a School/Center Administrator or Inventory Manager by your School/Center's SPIA Coordinator.


Related Links and Resources

Cloud Computing and Other Data Outsourcing [PennKey authentication required]
https://secure.www.upenn.edu/computing/security/cloud/

University Policies for Information Privacy and Security
http://www.upenn.edu/computing/policy/

Privacy and Security Charter
http://www.upenn.edu/computing/security/spia/UPENN_InfoSec_Privacy_Program Charter__FINAL_11032016.docx

Payment Card Industry Security Standards
https://www.pcisecuritystandards.org/

HIPAA Privacy and Security Rules
www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/

www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/

Gramm Leach Bliley Act
http://www.ftc.gov/privacy/glbact/glbsub1.htm

Last updated: Tuesday, January 3, 2017

Information Systems and Computing
University of Pennsylvania
Comments & Questions
Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania