Information Security Policy

The purpose of this policy is to ensure the protection of 华体会鈥檚 information resources from accidental or intentional access or damage while also preserving and nurturing the open, information-sharing requirements of its academic culture. This policy is applicable to all students, faculty, and staff and to all others granted use of 华体会 information resources. Every user of 华体会鈥檚 information resources has a general responsibility to protect those assets, while some offices and individuals have specific responsibilities. This policy refers to all college information resources whether individually controlled or shared, stand-alone or networked. It applies to all computer and communication facilities owned, leased, operated, or contracted by the college. This includes all networked devices, including but not limited to personal digital assistants, cell phones, personal computers, workstations, minicomputers, other wireless devices such as iPads, and any associated peripherals and software, regardless of whether used for administration, research, teaching or other purposes. Today, information technology (IT) permeates all aspects of teaching, learning, research, outreach and the business and facilities functions of the college. Safeguarding information and information systems is essential to preserving the ability of the college to perform its mission and meet its responsibilities to students, faculty, staff, and the citizens whom it serves. State and federal statutes, rules, and regulations, college policies and other explicit agreements also mandate the security of information and information systems. Failure to protect the college鈥檚 information technology assets could have financial, legal, and ethical ramifications. 华体会 acknowledges its obligation to ensure appropriate security for information systems in its domain of ownership and control. Furthermore, the college recognizes its responsibility to promote security awareness among the members of the 华体会 community. This policy establishes the general principles of information security that will be applied throughout the college.

Responsible office
Information Technology Services
Responsible party
Chief Technology Officer/Vice President for Information Technology
Last revision
April 2023
Approved by
The Cabinet
Approval date
February 2023
Effective date
May 2023
Last review
February 2023
Additional references
FERPA ,GLBA, HiPAA, PCI/DSS 11.4, Data Classification Policy

Scope

All financial and administrative policies involving community members across campus, including volunteers are within the scope of this policy. If there is a variance between departmental expectations and the common approach described through college policy, the college will look to the campus community, including volunteers to support the spirit and the objectives of college policy. Unless specifically mentioned in a college policy, the college鈥檚 Board of Trustees are governed by their Bylaws.

Policy

Authorities Delegated and Retained/Administrative Responsibility

The President of the College delegates administration of the college’s Information Security Policy to the Chief Technology Officer/Vice President for Information Technology.

Information Security Objec