Data Security
Supporting Policies
The university has established several policies that govern the stewardship and use of information technology resources and institutional data in order to maintain specific university-wide standards and practices. These policies are used to:
- comply with applicable executive orders and legal, regulatory and contractual mandates
- protect the privacy and security of confidential information
- manage the ongoing operations of support infrastructure such as service centers, training programs and technical services
- delineate the roles and responsibilities for the stewardship and use of data that is captured, stored, shared, and managed by the university.
Supporting Information Security Policies, Plans and Controls
| Policy | What is it? | Who does it apply to? | What needs to be done? |
| --- | --- | --- | --- |
| AUP (Acceptable Use Policy) | establishes acceptable uses of resources and user responsibilities | anyone using resources | review and accept conditions of the AUP |
| Data Privacy | describes the information the university collects and how it is disclosed | anyone visiting the university website or providing information | anyone involved in capturing, storing, sharing data |
| Record Retention | systematic management of records to meet standards | applies to all records | admin offices and academic depts must develop plans in accordance |
| Information Security Incident Response Plan | provides for a response to any reported security breach | addresses systems or media that have been lost or stolen | everyone should report suspected security breaches |
| Infrastructure Management Policy | establishes appropriate operation guidelines for administering university computer systems | ensures secure availability of technical services | all protected information systems must be restricted to authorized users |
| Data Classification | defines responsibility for adhering to security practices | all personnel are responsible for security of data they access | read the policy and follow outlined standards |
| Management of Administrative and Student Information Systems | requirements for operating departmental information systems | anyone with responsibility for information systems | read the policy and follow outlined standards |
| Network Security Policy | minimum precautions for securing devices on the wireless and wired network | anyone at the university using a computer connected to the network | read the policy and follow procedures; use a VPN (virtual private network) for authentication |
| Security Awareness Training Policy | sets the training standards | ensures all are trained appropriately | deliver training in a timely manner |