Board
Policies
Chapter 5 - Administration
Click here for a PDF copy of this policy.
5.23 Security and Privacy of Information
Resources
Part 1. Policy Statement. It is the
policy of Minnesota State Colleges and Universities to protect
the security and privacy of its information resources and to make
information accessible as required by law. The System shall maintain
the confidentiality, integrity and availability of information
resources; ensure continuity of operations; prevent, control and
minimize the impact of security incidents; and manage risks to
those resources regardless of the storage medium, transmission
or disposal methods. Each college and university and the Office
of the Chancellor shall adopt and implement privacy and security
policies and procedures for its information resources consistent
with applicable System policy, procedures and other applicable
standards and state and federal law.
All users of Minnesota State Colleges and Universities System
information resources are responsible for the privacy, security,
and appropriate use of those resources over which they have authority,
access or control, and for compliance with applicable laws, regulations,
policies, procedures, and other standards. Each college, university
and the Office of the Chancellor shall provide appropriate security
awareness resources for its users.
Part 2. Applicability. This policy
applies to all users of System information resources; and to all
System information resources in any form or storage media, wherever
located.
Part 3. Definitions.
Subpart A. Access. Access means the
authority to view information, and when appropriate, insert,
update, delete, or download information. Access shall be authorized
to individuals or groups of users depending on the application
of law or System policy or procedure. Technical ability to access
information is not necessarily equivalent to legal authority.
Subpart B. Information Resources.
Information resources means all data collected, created, received,
maintained or disseminated by any Minnesota State Colleges and
Universities user, regardless of its form, storage media or
conditions of use.
Subpart C. System. System, or Minnesota
State Colleges and Universities System, means the Board of Trustees,
the Office of the Chancellor, the state colleges and universities,
and any part or combination thereof.
Subpart D. User. User means any individual,
including but not limited to, students, administrators, faculty,
other employees, volunteers, and other authorized individuals
using System information resources, whether or not the user
is affiliated with Minnesota State Colleges and Universities.
Subpart E. Integrity. Integrity means
assuring that information is kept intact, and not lost, damaged
or modified.
Subpart F. Availability. Availability
means assuring that information is accessible to authorized
users when needed.
Subpart G. Confidentiality. Confidentiality
means assuring that information is accessible only as authorized.
Part 4. Scope.
Subpart A. Procedures. The Chancellor
shall adopt security and privacy procedures under this policy.
Subpart B. Sanctions. Users who violate
this policy or related System, college or university procedures
shall be subject to disciplinary action through appropriate
channels. Violations may be referred to appropriate law enforcement
authorities.
| Date
of Implementation: |
4/19/06, |
| Date
of Adoption: |
4/19/06, |
| Date
& Subject of Revisions:
There is no additional
HISTORY for 5.23 at this time.
|
-
