Tufts Two-factor Authentication (2FA) Policy

Purpose

At Tufts, we place a high value on the creation, use and sharing of information to fulfill the University’s mission.  It is our collective responsibility to take precautions to protect the security, privacy and integrity of University information systems and personal and institutional data, such as research data, intellectual property and financial information.  To better protect all of our information, Tufts has implemented two-factor authentication (“2FA”), a new security measure to provide a second layer of protection when accessing institutional and personal data.

Scope

This policy applies to all faculty, staff, and affiliates of Tufts University.

Policy Statement
In consultation with university leadership, Tufts will require 2FA for all new faculty, staff, and affiliates hired on or after July 1, 2017.  For existing faculty, staff, and affiliates, Tufts will require 2FA by September 30, 2017. 

Technology Services will regularly evaluate and prioritize applications requiring two-factor authentication (2FA), to enhance the protection of institutional data and personal information.

Approval Entity(ies)
Academic Council, Administrative Council

Approval Date
May 3, 2017

Effective Date
July 1, 2017

Executive Sponsor(s)
Vice President for Information Technology & CIO

Responsible Office(s)
Office of the CIO

Revision
The University reserves the right to change this policy from time to time. Proposed changes will normally be developed by those responsible for the policy with appropriate stakeholders. The approval entities have sole authority to approve changes to this policy.

Related Policies
Information Stewardship Policy
Use of University Systems Policy
Information Roles and Responsibilities Policy
Information Classification and Handling Policy
Business Conduct Policy