Information Security Policy
The Campus Data Steward will:
- Maintain a list of Data Stewards and their designees as appointed by the IGC
- Maintain a current list of Highly Sensitive data elements
- Ensure that appropriate handling requirements for information and data access are established by each Data Steward for their area of stewardship
- Ensure that appropriate handling requirements are implemented for University information assets
2.3. Data Stewards
Data Stewards are appointed by the Information Governance Committee and will:
- Assign information under their stewardship to one of three security designations: public, internal, or sensitive, based upon the information’s intended use and the expected impact if disclosed
- Bear primary responsibility for decisions regarding handling requirements for the data under their stewardship
- Coordinate activities with areas outside their own when data usage, access and/or handling impacts extend beyond their own unit
- Identify and authorize Designates for acting as the Data Steward’s proxy for activities within their stewardship
2.4. Office of Information Technologies Information Security and Compliance
- Create standards and procedures that meet the information asset handling requirements defined by the Data Stewards
- Submit information asset handling standards and procedures to the responsible Data Stewards for approval
- Investigate and report to the IGC suspected violations of security policy
The University’s policy is to comply with all applicable legislative, regulatory, and contractual
requirements concerning information security. University Information Security handling
requirements and standards may exceed legally prescribed requirements.
3. SCOPE
This policy applies to faculty, staff, students, and all others granted use of University information
assets and defines their responsibility for the protection and appropriate use of University
information, applications, computer systems, and networks.
4. DEFINITIONS
Information assets: All University data including but not limited to verbal, printed, or records
represented as audio, video, still picture, or a combination of these.
Information Handling Requirements: Mandated handling of information assets including who
may handle it, when they may handle it, in what circumstances and for what purpose.