Information Security Policy
Expresses how the campus will maintain a comprehensive information security program.
| Policy Number | Policy Owner |
|---|---|
| 10006.1 | Information Technology Services |
- 1.0 Purpose
- 2.0 Revision History
- 3.0 Units and Persons Affected
- 4.0 Policy
4.1 Following the procedures outlined in the SUNY document Information Security Guidelines, Part 1, SUNY Plattsburgh will take reasonable measures to protect:
4.1.1 The confidentiality, integrity and availability of the sensitive information that it creates, receives, modifies, maintains or transmits
4.1.2 The security of the equipment and physical locations where the information is processed, maintained, and transmitted
4.1.3 The privacy rights of SUNY Plattsburgh students and staff members concerning this information
4.2 SUNY Plattsburgh will inform its staff members about the policies and procedures that apply to SUNY Plattsburgh generally and to staff members in their individual roles.
4.3 SUNY Plattsburgh will require all staff members, upon employment, to sign a confidentiality agreement.
4.4 SUNY Plattsburgh will provide all staff members with general information security training and any additional security training specific to their area.
4.5.1 SUNY Plattsburgh will perform periodic reviews of its information security policies and procedures and revise them as necessary.
4.5.2 Whenever SUNY Plattsburgh becomes aware of a change in law, regulations, or operating environment that necessitates a change to these policies and procedures, the revised policies and procedures will be documented and implemented.
4.6 Implementation & Enforcement
4.6.1 The Information Security Oversight Committee (ISOC) is charged with: understanding the College’s information security risk; understanding the Program and the University System’s information security standards; presenting professionally and legally sound and timely advice to executive management regarding appropriate action; ensuring the Program is exposed to outside, professional perspective, especially that of the University System’s Office of Information Security; and collaborating with key managers of the major business functions of the College to maintain the Program with comprehensive scope. Members of the ISOC are listed in Information Security Program Assignments.
4.6.2 The Information Security Committee (ISC) involves the College’s business functions in major risk decisions regarding the information for which those functions are owners or designated as responsible and involves each subsidiary of the College in the Program in appropriate ways. The ISC has the duty and authority to monitor, document, and assess the security of information and information systems, both digital and physical, within any function in the College, and to plan, design and recommend security-related projects and changes within any functions they have assessed. The ISC conducts ongoing information security assessments, especially assessments of the Program’s effectiveness, and reports these assessments in writing to senior management. Members of the ISC are listed in Information Security Program Assignments.
4.6.3 All supervisors and staff members of the College have the duty and responsibility to assist the ISOC and the ISC in meeting the Program’s mission.
- 5.0 Definitions
- 6.0 Responsibilities
- 7.0 Procedures
- 8.0 Forms
- 9.0 Appendix
- 10.0 Distribution and Training
For additional information about this policy, please contact the Policy Owner listed above.