It is the responsibility of the share owners to periodically scan their data in accordance with Cornell Policy 5.10.  

For information about how to scan, see the Guide to Data Discovery.

CIT will not be responsible for scanning customer shares for high-risk data. It is the customer’s responsibility to perform any such scanning to be compliant with any related Cornell policies.

• For HIPAA and Confidential/high-risk shares SFS provides the CIFS auditing functionality. Please use the Audit Report Request to obtain auditing logs for your share. Auditing reports should be reviewed by the customer in accordance with Cornell Policy 5.10.
• The customer is responsible for ensuring compliance with Cornell Policy 5.10.
• HIPAA data has requirements that need to be met on a scheduled basis, such as file-system ACL and user audits. Additional information is in the HIPAA Administrative Simplification Regulation Text.

SFS does not provide scanning for high-risk data, Anti-Virus protection, nor audit report reviews. These are the responsibility of the share owners.