Information and the associated processes, systems and networks are valuable assets of the 天右郊利 and the management of personal data has important implications for individuals. Appropriate protection is required for all forms of information to ensure business continuity and to avoid breaches of the law and/or contractual obligations. The 天右郊利 is committed to the security of information, both within the college and in communications with third parties.
This policy is intended to protect the security of the 天右郊利s information assets and is applicable to all 天右郊利 staff, faculty and students.
Compliance with Law or Legislation
The 天右郊利 holds and processes information about employees, students, and other data subjects for academic, administrative and commercial purposes. When handling such information, the 天右郊利, and those to whom this Policy applies, must be in compliance with the current BC Freedom of Information and Protection of Privacy Act (FOIPOP) [RSBC 1996]. Responsibilities under the FOIPOP Act are set out in the 天右郊利s Freedom of Information and Protection of Privacy Policy.
Responsibilities
- Information security is the responsibility of all members of the 天右郊利 community. Every person handling 天右郊利 related information or using 天右郊利 information systems is required to observe this Policy and these Regulations.
- The 天右郊利s Technology Steering Committee which includes 天右郊利 Executives may establish specific procedures to ensure information security with regard to the 天右郊利-related information is protected. These procedures may include a matrix that defines who is responsible for the security of certain types of information and the measures required to protect that information.
- Security Controls The 天右郊利 will maintain reasonable detection and prevention controls to protect against, and detect instances of, malicious software and unauthorized access to networks and systems. All users of 天右郊利s computers, including laptops and mobile devices; on which 天右郊利-related information is kept shall comply with procedures established by the 天右郊利 in order to ensure compliance with legislation and to ensure that up-to-date security controls are maintained on those systems.
- All members of the 天右郊利 community must report immediately to the Director of Technology Services or their delegate any observed or suspected security incidents where a breach of this policy has occurred.
For the purposes of this Policy, information security means the preservation of:
a) Confidentiality i.e. protecting information from unauthorized access and disclosure;
b) Integrity i.e. safeguarding the accuracy and completeness of information and processing methods; and
c) Availability i.e. ensuring that information and associated services are available to authorized users when required.
For the purposes of this policy information includes all data and information that is printed or written on paper, stored electronically, transmitted by post or using electronic means including cloud based services or social media sites, shown on visual media, or spoken in conversation.
Procedures
Policy Review
The 天右郊利s Technology Steering Committee will review and make any recommendations for update of this policy to the 天右郊利 Management Committee before it is submitted to the Board of Governors.
Related Policies and Procedures
- 2102 Records and Information Management Policy
- 2302 Conflict of Interest and Standards of Ethical Conduct Policy
- 2308 Harassment - Employees Policy
- 3106 Freedom of Information and Protection of Privacy Policy
- 3107 Intellectual Property Policy
- 3203 Harassment - Students Policy
- 3205 Student Code of Conduct Policy
- 3206 Student Records Policy