IT.02.001 - Interim Policy on Information Security

Printable Version in PDF Format (Get Adobe Acrobat)

Table of Contents

• History
• Purpose
• Background
• Policy
  • Accountability
  • Applicability
  • Definition(s)
  • Text
• Exhibit(s)

History [top]

• Policy Number: IT.02.001
• Version: Interim
• Drafted By: CSU
• Approved By: Richard R. Rush
• Approval Date: 6/1/09
• Effective Date: 6/1/09
• Supercedes: N/A

 

Purpose [top]

The CSU draft policy of October 27, 2008 serves as California State University Channel Islands' interim policy pending passage of a final CSU policy and further review by the CSUCI campus.

Background [top]

The California State University (the CSU or the University) is committed to protecting the confidentiality, integrity, and availability of information assets owned, leased, or entrusted to the University. This policy and associated standards provides direction and support to campuses for information security in accordance with University requirements and relevant laws and regulations. The CSU information security practices are designed to promote and encourage appropriate use of information assets and are not intended to prevent, prohibit, or inhibit the sanctioned use of information assets as required to meet the University’s core mission and campus academic and administrative purposes.

Policy [top]

Accountability [top]

The Board of Trustees (the Board) of the California State University is responsible for protecting the confidentiality, integrity and availability of CSU information assets. Unauthorized modification, deletion, or disclosure of information assets can compromise the integrity of the mission of the CSU, violate individual privacy rights, and possibly constitute a criminal act. It is the collective responsibility of all users to ensure:

• Confidentiality of personally identifiable information.
• Integrity of data stored on or processed by CSU information systems.
• Availability of information stored on or processed by CSU information systems.
• Maintenance and currency of applications installed on CSU information systems.
• Compliance with applicable laws, regulations, and CSU/campus policies governing information
  security and privacy protection.
  

The campus Chief Information Officers (CIO) is responsible for ensuing that a Responsible Use Policy is in place and enforced.

Applicability [top]

This policy shall apply to the following:

• This policy shall apply to the following:
• All campuses, including auxiliary units, and external business or organizations that provide goods
  or services to the CSU.
• Central and departmentally-managed information assets.
• All students, faculty, staff, and consultants employed by the CSU or any other person having
  access to CSU information assets.
• All categories of information, regardless of the medium in which the information asset is held
  (e.g. paper, electronic, oral, etc).
• Information technology facilities, software, and equipment (including personal computer
  systems) owned or leased by the CSU.

Definition(s) [top]

N/A

Text [top]

(See PDF link above)

Exhibit(s) [top]

N/A