Policies

Information Security Policy

Hendrix College, Technology Services
Policy # 12120
Effective: Friday, April 27, 2018
Purpose

The Information Security Policy is intended to protect the confidentiality, integrity, and availability of institutional data while in processing, transmission, and storage.

Additional Authority
Scope

This Policy applies to all faculty, staff, students, any third-parties contracted by the College, and any other individual or group authorized to access College information systems that store, transmit, or process institutional data.

Responsible Party

Chief Information Officer

1. Statement

  1. Throughout its lifecycle, all Institutional Data shall be protected in a manner that is considered reasonable and appropriate, as defined in documentation approved by the SLT and the CIO and maintained by the Technology Services Division, given the level of sensitivity, value and criticality that the Institutional Data has to the College.
  2. Any Information System that stores, processes or transmits Institutional Data shall be secured in a manner that is considered reasonable and appropriate, as defined in documentation approved by the SLT and the CIO and maintained by the Technology Services Division, given the level of sensitivity, value and criticality that the Institutional Data has to the College.
  3. Individuals who are authorized to access Institutional Data shall adhere to the appropriate Roles and Responsibilities , as defined in documentation approved by the SLT and the CIO and maintained by the Technology Services Division.
  4. Access to institutional data and systems that access protected data shall be audited yearly
  5. Individuals who are authorized to access Institutional Data shall achieve and maintain at leas a basic level of understanding of information security matters, such as general obligations under various information security policies, standards, procedures, guidelines, laws, regulations, contractual terms, and generally held standards of ethics and acceptable behavior.

2. Maintenance

This Policy will be reviewed by the CIO every 5 years or as deemed appropriate based on changes in technology or regulatory requirements.

3. Enforcement

Violations of this Policy may result in suspension, restriction, or permanent removal of the individual's privileges on any College owned information systems and associated institutional data. Additional administrative sanctions may apply up to and including termination of employment or contractor status with the College or suspension or expulsion from school.

If necessary, civil or criminal penalties may apply.

4. Definitions

Information system
Any electronic system that stores, processes, or transmits information.
Institutional Data
Any data that is owned or licensed by the College. See the Data Classification Standard for more information.

5. Additional Information

Revisions

Date Change
5/9/2018 Initial Draft