Navigation

CHAPTER THREE

ADMINISTRATION AND FINANCE

364

Information Security Program

 

The University shall protect the confidentiality of information in the custody of the University, the security of the equipment where this information is processed and maintained, and the related privacy rights of the CSU students, faculty, and staff concerning this information.

All students, faculty, staff, and consultants employed by the CSU, or any other person having access to University information technology resources, shall comply with this policy.

The Risk Manager shall be responsible for performing the duties of the Information Security Officer as recommended in the CSU Security Policy and as described in the University’s Information Security Manual.

Back to top

364.1
Confidentiality-Security Policy

 

Access to computers and data is a privilege extended at the discretion of the University. The University shall retain the right and authority to revoke or restrict such privileges at any time. Access to University computers, computing resources, and data will be restricted, denied, or discontinued by the University for failure to abide by this policy. Faculty, staff, students, and consultants employed by the CSU, or any other person having access to University information technology resources, shall sign for receipt and understanding of this policy. The signed statement shall be placed in the employee's official personnel/payroll file.

Back to top

364.2
Reporting Information Technology Security Incidents

 

Faculty, staff, students, and consultants employed by the CSU, or any other person having access to University information technology resources, shall report violations of the Confidentiality-Security Policy and/or unauthorized modification, deletion, or disclosure of information included in University data files and data bases.

Back to top

Reference

  • Date approved by the President: January 2, 2001
  • Office responsible for implementation: Risk Management Department
  • Any laws, regulations or codes of practice which should be referred to in conjunction with the policy: Emergency Management Plan; Federal Disaster Relief Act of 1974 (Public Law 93-288); Federal Civil Defense Act of 1950 (Public Law 920), as amended; NUREG 0654, Federal Emergency Management Agency REP-1, Rev. 1, 1980; United States Army Corps of Engineers-Flood Fighting (Public Law 84-99); California Code of Regulations, SEMS, Title 19, Division 2, Section 2400 et seq.; California Emergency Services Act, California Government Code, Section 8550 et seq.; California Health and Safety Code; California Master Mutual Aid Agreement, California Government Code, Section 8615 et seq.; California Natural Disaster Assistance Act, California Government Code, Section 8680 et seq.; California Vehicle Code; California Water Code, Section 128; California Code of Regulations, Title 5, Section 41302, 42402; California Education Code, Section 66600, 66606, 89031; Executive Order 533, California State University Risk Management Policy; Injury and Illness Prevention Program (May 1997); CSU Security Policy (May 1997); Executive Order 524, CSU Implementation of the CSU Major Emergency Preparedness Program; Executive Order 382, CSU Student Records Administration; Executive Order 590, CSU Student Air Travel Policy

Back to top