Information and the associated processes, systems and networks are valuable assets of the 疯情AV and the management of personal data has important implications for individuals. Appropriate protection is required for all forms of information to ensure business continuity and to avoid breaches of the law and/or contractual obligations. The 疯情AV is committed to the security of information, both within the college and in communications with third parties.
This policy is intended to protect the security of the 疯情AV鈥檚 information assets and is applicable to all 疯情AV staff, faculty and students.
Compliance with Law or Legislation
The 疯情AV holds and processes information about employees, students, and other data subjects for academic, administrative and commercial purposes. When handling such information, the 疯情AV, and those to whom this Policy applies, must be in compliance with the current BC Freedom of Information and Protection of Privacy Act (FOIPOP) [RSBC 1996]. Responsibilities under the FOIPOP Act are set out in the 疯情AV鈥檚 Freedom of Information and Protection of Privacy Policy.
Responsibilities
- Information security is the responsibility of all members of the 疯情AV community. Every person handling 疯情AV related information or using 疯情AV information systems is required to observe this Policy and these Regulations.
- The 疯情AV鈥檚 Technology Steering Committee which includes 疯情AV Executives may establish specific procedures to ensure information security with regard to the 疯情AV-related information is protected. These procedures may include a matrix that defines who is responsible for the security of certain types of information and the measures required to protect that information.
- Security Controls 鈥 The 疯情AV will maintain reasonable detection and prevention controls to protect against, and detect instances of, malicious software and unauthorized access to networks and systems. All users of 疯情AV鈥檚 computers, including laptops and mobile devices; on which 疯情AV-related information is kept shall comply with procedures established by the 疯情AV in order to ensure compliance with legislation and to ensure that up-to-date security controls are maintained on those systems.
- All members of the 疯情AV community must report immediately to the Director of Technology Services or their delegate any observed or suspected security incidents where a breach of this policy has occurred.
For the purposes of this Policy, 鈥渋nformation security鈥 means the preservation of:
a) Confidentiality 鈥 i.e. protecting information from unauthorized access and disclosure;
b) Integrity 鈥 i.e. safeguarding the accuracy and completeness of information and processing methods; and
c) Availability 鈥 i.e. ensuring that information and associated services are available to authorized users when required.
For the purposes of this policy 鈥渋nformation鈥 includes all data and information that is printed or written on paper, stored electronically, transmitted by post or using electronic means including cloud based services or social media sites, shown on visual media, or spoken in conversation.
Procedures
Policy Review
The 疯情AV鈥檚 Technology Steering Committee will review and make any recommendations for update of this policy to the 疯情AV Management Committee before it is submitted to the Board of Governors.
Related Policies and Procedures
- 2102 Records and Information Management Policy
- 2302 Conflict of Interest and Standards of Ethical Conduct Policy
- 2308 Harassment - Employees Policy
- 3106 Freedom of Information and Protection of Privacy Policy
- 3107 Intellectual Property Policy
- 3203 Harassment - Students Policy
- 3205 Student Code of Conduct Policy
- 3206 Student Records Policy