Best Practices for Instrument Computer Security
The School of Pharmacy is a healthcare component (HCC) under the Health Insurance Portability and Accountability Act (HIPAA) law. The computer network in Rennebohm Hall is also part of the larger UW-Madison network. Under both HIPAA law and campus policy, the school has an obligation to keep its network secure from threats that could lead to legal liability or isolation from other campus networks. Either outcome would severely impact the ability of our faculty and staff to do research and perform job-related duties.
Although instrument computers may never store or process HIPAA data, they do use the UW-Madison network for a variety of purposes. Therefore, they should adhere as closely as possible to all campus policies for protecting the campus network.
Instrument computers are also the "life blood" for conducting various research projects. It is, therefore, in the best interest of faculty and lab staff to protect these computers as best as they can by following these recommendations.
- Instrument computer: a computer that physically connects to a lab instrument (a spectrometer, HPLC, or other device) and is used to control that device or collect and store data generated from that device.
- Instrument software: the software installed on the instrument computer that provides the interface for controlling or configuring the instrument.
- IP address: a number assigned to a computer that uniquely identifies it on the Internet.
- OS: this stands for "operating system", which is the software used to let a computer user interact with the computer hardware, and load and run software. Two examples of common operating systems are Microsoft Windows and macOS.
- Antivirus software: specialized software designed to detect and remove malicious software on a computer.
- School of Pharmacy network: the communication medium through which a computing device connects to network resources such as web sites or email servers. The School of Pharmacy network is technically bounded by the IP address range of 128.104.(112-115).(0-255). In CIDR notation this translates to 128.104.112.0/22. This definition is restricted to physical (wired) connections from computing devices to the network.
The practices outlined in this document apply only to instrument computers as used for research or analytical purposes in Rennebohm Hall.
- Recommended Practices
  - The lab should use the instrument computer solely for the purpose of operating the instrument and collecting information from it. We strongly recommend that the instrument computer not be used for activities such as email or web browsing.
  - The instrument computer should run an OS that is actively supported by the vendor (i.e., the vendor still offers updates for the OS).
  - The instrument computer should not be configured to share its resources (such as disk storage for file sharing).
  - No software other than the instrument software and antivirus software should be installed on the computer.
  - If antivirus software is shown to interfere with the normal operation of the instrument or its software, we can remove the antivirus software, but the computer will have to be taken off the network to comply with campus policy.
  - The user account from which lab staff operate the instrument software should not have administrator-level rights.
  - If the above recommendations cannot be implemented, we can implement other recommendations to mitigate risk to the School of Pharmacy network.
    - Instrument computers that must use outdated operating systems, or an OS that must be maintained at a specific version level, can be placed on a separate network. If the instrument computer needs access to resources on the SoP network, we can create very specific firewall rules to allow this.
    - If needed, the instrument computer can be connected to campus storage solutions to share files and data with lab personnel.
    - Additional software may be installed if it's related to the research work and approved by the faculty controlling the instrument. One example may include statistical or other types of analytical software.
    - The instrument computer can connect to websites it might need for data or other needs, but casual web browsing should be discouraged or blocked through technical means.
  - Service support for the instrument itself is best left to the vendor of the instrument. IIT staff can make a "best effort" attempt to solve simple hardware problems with the instrument computer (such as installing additional memory or diagnosing network problems), but labs should understand that there may be times when vendor support is required for the instrument computer. If it becomes necessary for IIT staff to work with vendor support, we recommend following these steps.
    - Please give IIT staff at least three days' notice to help ensure that someone will be available when vendor support is on site.
    - If an administrator account is needed to do any work, IIT can create a temporary account for the vendor technician to use. The temporary account credentials should not be shared with lab staff unless there is a clear reason to do so.
    - Temporary administrator accounts should be removed (or at least have their password changed) when the work is complete.
- Related UW-Madison Policies
  - Electronic Devices Connected to the Network
  - Endpoint Management and Security Policy
  - Acceptable Use of Technology Resources
  - Designation of the UW-Madison Health Care Component (UW HCC)
- Procedure Contacts
- Document History
  - Created: 04/13/2021 by John M. DeMuth
|Director of Instructional and Information Technology|
|Senior Information Processing Consultant|
John M. DeMuth