Administration & Finance

A&F SERVICES

Campus Administrative Policies

CHAPTER 300: ADMINISTRATION AND FINANCE



380 Administrative Compliance Services

Administrative Compliance Services (ACS) shall be responsible for the following major areas: Campus Administrative Policy, Emergency Management Planning, Business Continuity Planning, Public Records Act administration, and the Records Retention program.

Back to top

382 Request for Public Records

The California Public Records Act requires government agencies to provide the public with access to public records, subject to limited exceptions. Public records are defined by statutes as “any writing containing information relating to the conduct of the public’s business prepared, owned, used, or retained by any state or local agency regardless of physical form or characteristics.”

Public records are open to inspection by the public at all times during office hours. Requests to inspect public records may not interfere with Cal Poly’s business operations. Requests may be made verbally or in writing. If a verbal request cannot be responded to immediately, the requestor shall be asked to submit his or her request in writing so that it is clear what is being requested. Alternatively, a member of the public may submit a written request for public records. The following policy applies to either verbal or written requests for public records.

The campus must respond whether records will or will not be disclosed within ten days after receipt of the request. There is no charge for inspecting records; however, a charge of $.20 per page shall be imposed for all copies of records provided as either hard copies or electronically.

Back to top

382.1 Policy

A campus department that receives a request for public records shall immediately notify and, if written, provide a copy of the request to the Public Records Act (PRA) officer. The department which receives a request for public records shall respond to and comply with the request, unless the requested documents are housed in a different department. A written request should immediately be forwarded to the other department for handling and the PRA officer notified of the transfer.

The director of Administrative Compliance Services serves as the campus PRA officer. The campus PRA officer assures that appropriate campus entities, including University Legal Counsel, are notified of the request and for maintaining an inventory of all such requests. University Legal Counsel shall notify the CSU Office of General Counsel of each request and is available to respond to questions and advise campus administrators regarding requests.

Back to top

References for CAP 382

  1. Date approved by the President: January 19, 2014
  2. Effective Date: January 19, 2014
  3. Responsible Department/Office: Administrative Compliance Services
  4. Revision History: March 7, 2007; January 19, 2014
  5. Related University Policies, Procedures, Manuals and/or Documents: None cited
  6. Laws, Regulations and/or codes of practice referred to herein or related to this policy:
    1. Government Code Section 6250; Article I, Section 3, California Constitution

383 Business Continuity Program

The campus is required to develop and maintain a Business Continuity Program to ensure essential functions, systems and operations of the University can be resumed following a catastrophic event. The Business Continuity Program shall include a risk assessment, business impact analysis, business operation continuity plans, testing and exercise plans, communication strategy, and training guidelines for campus. The documentation is to follow structured plan maintenance, approval and record retention.

Back to top

383.1 Business Continuity Program Committee

The University President has delegated responsibility for developing and maintaining the Business Continuity Program to the Business Continuity Planning Committee (BCPC). The BCPC will consist of a chair, co-chair, and senior administrative leaders who have a working knowledge of business continuity processes and are from units identified as key to essential operations. Campus Business Continuity Plans require review and approval by the BCPC.

Back to top

383.2 Business Continuity Plan (BCP)

Departments essential to campus operations are required to develop and maintain a Business Continuity Plan. These include but are not limited to; Admissions and Recruitment, Contracts and Procurement, Facility Services, Disability Resource Center, Financial Aid, Fiscal Services, Food Services, Health and Counseling Services, Housing and Residential Life, Human Resources/Academic Personnel, Information Services, Instruction, Records (Office of the Registrar), Research and Economic Development, University Police, and University Scheduling. Departments deemed essential are reviewed annually by the BCPC and are posted on the Cal Poly Business Continuity website.

The BCP shall consist of: a directory of essential personnel and business contacts, a prioritized list of essential functions together with the essential staff, equipment and support activities identified for each function, lines of succession and delegations of authority, alternate operating facilities, procedures for safeguarding vital records, and testing and training exercises.

Back to top

383.3 Business Impact Analysis

Units determined to provide essential functions are required to identify essential functions and workflow, determine the qualitative and quantitative impacts of a vulnerability or threat to essential functions, prioritize and establish recovery time objectives and, if appropriate, establish recovery point objectives.

Back to top

383.4 Risk Assessment

Units determined to provide essential functions are required to identify vulnerabilities and threats that may impact their ability to fulfill the mission of the University and define controls to reduce such exposure.

Back to top

References for CAP 383

  1. Date approved by the President: January 19, 2014
  2. Effective Date: January 19, 2014
  3. Responsible Department/Office: Administrative Compliance Services
  4. Revision History: None
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. Continuity of Operations Plan
    2. Executive Order 1014, California State University Business Continuity Program
    3. Cal Poly Information Security Risk Self-Assessment
  6. Laws, Regulations and/or codes of practice referred to herein or related to this policy:
    1. California Executive Order S-04-06

384 Records/Information Retention and Disposition

The campus is required to implement Records and Information Retention and Disposition schedules to ensure efficient and effective compliance with legal and regulatory disposition and retention requirements while implementing appropriate operational best practices.

Back to top

384.1 Records/Information Custodians

The President has delegated campus custodians for each type of record requiring retention and disposition schedules. These custodians are responsible for assuring that the campus is operating in compliance with the California State University (CSU) Records/Information Retention and Disposition schedules, secure records and information in accordance with applicable campus and CSU policy and ensure the appropriate and timely disposition schedule timeframes.

Back to top

384.2 Records/Information Schedules

Each custodian defines schedules for the documents/information they are responsible for based on CSU and legal requirements. These schedules are published on the Cal Poly website and are available to the Office of the Chancellor upon request. Schedules are required to be reviewed and approved on an annual basis by the assigned data custodian.

Back to top

384.3 Records/Information Disposal

Every unit on campus is required to dispose of all records/information in accordance with retention and disposition schedule timeframes. The campus has implemented compliance procedures via the annual Information Technology SelfAssessment whereby departments verify they are following retention and disposition schedules.

Back to top

References for CAP 384

  1. Date approved by the President: January 19, 2014
  2. Effective Date: January 19, 2014
  3. Responsible Department/Office: Administrative Compliance Services
  4. Revision History: None
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. Revision to Executive Order No. 1027, Systemwide Records/Information Retention and Disposition Schedules Implementation & Executive Order No. 1031
    2. Cal Poly Information Security Risk Self-Assessment and Inventory Standard
    3. Cal Poly Record Retention and Disposition Standards
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy: None cited.
Back to top

References for CAP 380

  1. Date approved by the President: October 24, 2014
  2. Effective Date: October 24, 2014
  3. Responsible Department/Office: Administrative Compliance Services
  4. Revision History: Not applicable
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. Cal Poly ACS website
    2. CSU Executive Order 1014
    3. CSU Executive Order 1031
    4. CSU Executive Order 1056
  6. Laws, Regulations and/or codes of practice referred to herein or related to this policy:
    1. California Public Records Act