E-Services Security Standard

Medium

Purpose

Ensure agencies that engage in online activities or electronic commerce use due diligence to protect customer information from misuse or unauthorized access.

Standard

  1. Agencies requesting customer information shall provide a secure method for collection in compliance with the Encryption Standard.
  2. Credit card numbers collected via e-services will not be stored electronically.
  3. Credit card transactions shall be processed securely and must use Bank of North Dakota (BND) approved vendors.

Definition

Customer information - Any recorded information that identifies the person, such as, but not limited to: account number, social security number, user ID/PIN number/password, driver's license number. Other information is to be considered based on agency business, such as, but not limited to: name, mailing address, e-mail address.

E-Services - Services provided electronically via interactive media. Examples include, but are not limited to:

  • Interactive Voice Response (IVR)
  • World Wide Web

Customer - Any entity doing business with the state of ND on their own or another's behalf.

Guidance

  1. Encryption Standard

Policy

Ensure customer information is handled securely.

Scope

This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.

Statement of Commitment

North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).

Non-Compliance

Non-compliance with this standard shall be reported to the Office of the State Auditor.


Revision Number: 2
Revision Date: 2017-06-27
Effective Date: 2005-07-18
Last Reviewed: 2021-01-05
Number: POL0020118