IT Security Policy
IT Standards and Guidelines
The authority for writing Information Technology (IT) standards and guidelines will reside with the Chief Information Officer (CIO), with input from IT directors, associate directors and managers, as necessary.
St. Louis Community College IT takes reasonable and prudent measures to comply with applicable federal, state and local laws with regard to securing information systems. It is imperative that IT standards and guidelines be followed to protect the College’s information systems.
Information Security
St. Louis Community College relies on data and information technology to fulfill its mission. The protection of these information resources is imperative to the College fulfilling its mission.
The College shall maintain an information security program that seeks to reasonably and appropriately protect the confidentiality, integrity, and availability of College information resources. The information security program shall implement safeguards to protect data and technology that take into consideration the laws and regulations that apply, as well as the value the College derives from this data with respect to the College’s mission and strategic priorities.
Any system that stores, transmits, or processes College data shall be secured in a reasonable and appropriate manner consistent with Board Policies, Administrative Procedures, or IT standards and guidelines.
Responsible Use of Information and Technology
Users must use information resources in accordance with:
- Applicable local, state, federal, and international laws and regulations.
- The College’s mission, vision, and values.
- IT Security measures, including the responsibilities to:
  - Protect access to systems and data by ensuring it is restricted based on the needs of job function;
  - Protect systems and data from unauthorized modification;
  - Prevent the unauthorized disclosure of data;
  - Protect system and data availability and accessibility for authorized users;
  - Collect personal information for specified, explicit, and legitimate purposes.
All users must acknowledge and accept the responsible use of information and technology prior to initial access and on an annual basis.
Prohibited Activities
The following activities are prohibited:
- Sharing an individual’s digital identity (user ID and password, or other authenticator);
- Disrupting the intended purpose of an information system;
- Violating copyright or patent protections, as well as licensing or other third-party agreements;
- Gaining unauthorized access to systems or data, or invading the privacy of another individual or entity;
- Using College information systems for personal gain, or promoting political campaigns or issues;
- Collecting personal information without an explicit, specific, and legitimate purpose;
- Other activities that compromise the confidentiality, integrity, or availability of an information system.
Incidental Personal Use
Information systems are provided for the furtherance of the College mission. Brief, incidental use of the College's telephones, computers, and other technology to attend to personal matters is permissible provided it does not interfere with an individual’s work, departmental business, or educational use.
Privacy and Monitoring
All College-owned information systems are subject to review. Information systems are monitored for reasons that include, but are not limited to, security, performance, backup, and troubleshooting. The College reserves the right to monitor any information system for any legitimate business reason.
Identity and Access Management
Designated users are granted rights to access specific STLCC information systems. To manage risk and ensure the accuracy of College information, the College maintains processes to properly identify users of its information systems. Three principles establish protection and trust:
- Identification: Ensuring electronic credentials are granted to the proper individual;
- Authentication: Verifying the validity of these credentials at the time of access;
- Authorization: Ensuring the individual has been granted the authority to perform the requested actions.
St. Louis Community College is dedicated to preventing unauthorized access, maintaining accuracy and ensuring the appropriate use of the information the College collects.