non-public financial information developed by or pertaining to CCAC and/or its campuses, operations or programs; building and computer network security plans and information; network and system passwords; information relating to CCAC employees, including employee financial information and records maintained in personnel files; student education records, including financial and other personally identifiable information contained in such records; social security, student and/or employee identification numbers; and records and information that are protected against disclosure by one or more federal or state laws or regulations or by separate agreement between CCAC and a third party. 2. Portable storage devices, tablets and laptop computers, even if issued by the College, shall not be used to store confidential information without prior written approval from Chief Information Officer (or delegated authority). If approved, ITS will provide secure means to encrypt hard drives. 3. It is the responsibility of the user with remote access privileges to CCAC’s network to ensure that their remote access connection is given the same consideration as the user's on-site connection to the College networks. 4. All authorized remote access users are required to comply with all CCAC policies, rules and regulations while utilizing remote access privileges, including but not limited to the College’s Acceptable Use of Information Technology Resources Policy (Board Policy VII.01) and rules of conduct and acceptable use as set forth in the College’s Employee Manual and Student Handbook. Requirements 1. Remote access must be strictly controlled by the use of unique user credentials. It is also the user’s responsibility to protect and secure their user credentials to prevent unauthorized users from accessing the CCAC networks. For information on creating a strong password please review CCAC’s Password Policy & Guidelines. 2. All employees who have access to confidential information, whether at campus or remotely, must understand their responsibility to only access information that they need to do their job and to properly protect the confidentiality of the information they do access. These employees must sign a confidentiality agreement acknowledging these responsibilities annually. 3. The users approved for remote access are required to complete a mandatory data security training prior to use of this service. 4. Remote access passwords are to be used only by the authorized individual to whom they were assigned and may not to be shared with anyone. 5. All remote access connections that utilize a shared infrastructure or service, such as the Internet, will utilize strong encryption. ITS will establish standards for encryption technology. 6. All hosts that are connected to CCAC internal networks via remote access technologies must have up-to-date anti-virus software implemented and the virus definition files must be updated automatically when they are available. 7. All hosts that are connected to CCAC internal networks via remote access technologies must have current operating system security patches installed as recommended by the operating system vendor. 8. Personal equipment that is used to connect to CCAC’s networks must meet the requirements of CCAC-owned equipment for remote access. 9. When accessing the CCAC network resources from a shared personal computer, the authorized user is responsible for preventing access to any CCAC computer resources or data by non- authorized users.
149|Page
Made with FlippingBook Learn more on our blog