Applies to: (examples; Faculty,Staff, Students, etc)
Faculty , Staff , Students , Contractors_Vendors
Faculty , Staff , Students , Contractors_Vendors
The College recognizes that in certain instances it must collect, store and use Sensitive Information relating to its students, employees, and individuals associated with the College as well as certain types of research data. The College is dedicated to collecting, handling, storing and using Sensitive Information properly and securely.
College Rolls Affected by Policy
Any member of the College community, including all faculty, staff, and students, who have access to College records that contain Sensitive Information covered by this Policy must comply with this Policy.
Applies to all active members of the College community, including faculty, students, staff, and affiliates, and to authorized visitors, guests, and others for whom College technology resources and network access are made available by the College. This policy also applies to campus visitors who avail themselves of the College’s temporary visitor wireless network access, and to those who register their computers and other devices through Conference and Event Services programs or through other offices, for use of the campus network.
Term |
Definition |
Breach of Security |
The unauthorized acquisition or use of Sensitive Information that creates a substantial risk of identity theft or other harm. This definition includes the unauthorized acquisition or use of encrypted electronic Sensitive Information where the confidential process or key has been compromised. |
Chief Information Security Officer (CISO) |
The Information Technology employee designated to serve as the primary person responsible for management of information security. |
Electronic |
Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities. |
Employee |
Includes all College faculty, staff and students, volunteers,
|
Encryption |
Transformation of data through the use of an algorithmic process, or an alternative method at least as secure, into a form in which meaning cannot be assigned without the use of a confidential process or key. |
Information Security Team |
Members of the IT department that have been designated to handle security-related questions and issues pertaining to the College. The CISO (“Chief Information Officer”) is a member of this team. |
Incident Response Team |
(“IRT”) Means the Chief Information Security Officer, the Vice President College Services, the General Counsel and Chief Compliance Officer, and such other individuals as the IRT may appoint to assist with a Security Incident or Breach. |
Record |
Any material upon which written, drawn, spoken, visual or electromagnetic information or images are recorded or preserved, regardless of physical form or characteristics that contain Sensitive Information. The term Record includes both paper and electronic material. |
Sensitive Information |
Information that is designated as Restricted Use, Confidential or Internal Data under the Data Protection Standards. |
Users |
Anyone that uses our technology services. |
The College is committed to collecting, handling, storing and using Sensitive Information properly and securely. This Policy establishes an Information Security Program to create administrative, technical and physical safeguards for the protection of Sensitive Information throughout the College. The purpose of this Program is to comply with applicable laws and to:
Position/Office/Department |
Responsibility |
The College’s Chief Information Security Officer (CISO) |
The College’s Chief Information Security Officer is responsible for the administration of this Policy and the Information Security Program across departments and units that maintain Records in any format. The College’s CISO shall oversee, with the assistance of the Enterprise Risk Management Committee the administration of this Policy, including developing procedures concerning the review, oversight, and governance of this Policy, and including any necessary training. College Employees may request, collect, store or use Sensitive Information only as permitted by this Policy, the Data Protection Standards and practices required by his or her unit or department. Every member of the College community should strive to minimize the collection, handling, storage and use of Sensitive Data. Only those who have a legitimate business need to access Sensitive Data should do so, and for as limited as time as possible. Minimize or eliminate the collection, handling, storage and use of Sensitive Data whenever and wherever possible. |
Data Protection Standards policies
Digital Millennium Copyright Act Policy
Name |
Contact Information |
Lewis, Zachary, Director IT |
Zachary.Lewis@stlcop.edu, 314-446-8402 |
Knoll, Eric, Vice President Operations |
Eric.Knoll@stlcop.edu, 314-446-8375 |