Policy No.: 8073 Board Approved: December 16, 2014 Revised:
Information Technology Security Policy
Hagerstown Community College acknowledges its obligation to ensure appropriate security for data and systems under its ownership and control. The College also recognizes its responsibility to promote awareness among faculty, staff and students. The Information Technology Security Policy provides the fundamental framework for ensuring the basic Information Technology security principles of confidentiality, integrity and availability are honored at Hagerstown Community College. The College will build and maintain a robust, adaptable and defensible security posture to address current and future needs and threats. The College’s administration will keep current guidelines for the design, implementation and maintenance of procedures for protecting the computer and data assets of the College. The guidelines will be updated as needed to provide guidance towards meeting compliance requirements as set forth in rules, standards, laws and regulations such as, but not limited to, the Family Educational Rights and Privacy Act, the Health Insurance Portability and Accountability Act and the Payment Card Industry Data Security Standard. The guidelines encompass a wide range of subjects including: • Access Control • System Operation and Administration o Separation of User and Administrative Functions o Back-up, Recovery and Archiving o System Standards and Documentation o Monitoring o Management Review of Access • Security Management o Systems o Data o Data Center (Physical and Environmental) o Networks o Review, Testing and Compliancy o Monitoring and Reporting • Information Systems Acquisition, Development and Maintenance • Change Control Management Every member of the College community is responsible for protecting the security of information and information systems by adhering all related policies and guidelines. Failure to comply with established policies and guidelines may result in the loss of computing privileges and / or disciplinary action. The Director of Information technology has the overall responsibility for the Security of the College’s information technologies. Implementation of security policies and guidelines is delegated throughout the College to various units.
Made with FlippingBook - Online catalogs