Skip to main content

Guidelines for Data File Transfers to and from Enterprise Systems

Established by Northwestern Information Technology

Audience:

All members of the Northwestern Community and users of the University network.

Definition:

Guidelines for security and confidentiality of data files and file transfers, established by Northwestern Information Technology.

Policy Statement:

Northwestern University employees and third-party vendors shall abide by the following guidelines for exchanging data files.

  • The SFTP file transfer protocol must be used; FTP transfers are not supported.
  • SSH keys must be set up for authentication; the use of passwords is not supported.
  • All inbound and outbound files must be encrypted regardless of data sensitivity.
  • Encrypted data files can be archived on the SFTP application with a 21 day retention period.

Background Issues:

Northwestern’s approved enterprise SFTP application should be used for file transfers or other data exchanges between enterprise systems and third-party vendors. It should also be used to exchange files between Northwestern IT enterprise systems and other Northwestern servers that are not housed in the Evanston or Chicago data centers (e.g., Kellogg or Housing servers). This SFTP application provides a fully secure file transfer environment that follows standardized management procedures and is compatible with the Autosys job scheduler.

Standards:

To request an automated file transfer, an IT Service Manager ticket should be created and assigned to the NUIT-CI-PIPS-DAPS team. The requestor will need to set up a meeting with the vendor’s technical support contact and the assigned DAPS team member to discuss the file transfer configuration.

The following information will need to be shared with the vendor before the meeting.

File transfer details will be discussed during the meeting with the vendor.

Original Issue Date:

January 2018

Back to top