7-1: Information Technology Resources, Usage and Security

Associated Procedures

  • Information Technology Resources, Usage and Security – Procedures
  • Policy Overview

    Santa Fe Community College (SFCC or College) provides information technology resources to fulfill its mission and academic freedom. This policy established guidelines to protect the confidentiality, availability, and integrity of SFCC’s information technology resources based on relevant laws and regulations. The policy also establishes appropriate security requirements and restrictions on accessing and using SFCC’s information technology resources.

    Scope and Applicability

    All users of SFCC information technology resources are subject to this policy. This policy applies to all information technology resources, and any devices connected to information technology resources, whether through a wired, wireless or remote connection.

    Policy Statement

    1. SFCC is committed to the effective, efficient, ethical, and lawful use of its information technology resources to meet its mission, vision, and objectives.
    2. SFCC supports the use of technology for the open exchange of information and ideas in accordance with established policies on academic freedom (see Policy 3-14 Academic Freedom).
    3. All users are responsible for using information technology resources with awareness of and compliance with security, privacy, policies, and internal processes and controls (see Policy 2-1 Student Code of Conduct, Policy 4-1 Workplace Ethics and Code of Conduct).
    4. SFCC is dedicated to the protection of the rights of copyright holders and complies with all copyright laws including the Digital Millennium Copyright Act and the Higher Education Opportunity Act (Policy 3-16: Copyrights and Intellectual Property).
    5. SFCC is committed to the protection of privacy and confidential data under the Family Educational and Privacy Rights Act (FERPA) and in accordance with other appropriate laws.
    6. Information technology security is intended to protect access and usage, therefore SFCC will limit risks through a combination technology, procedures, enforcement, assessment, and awareness to minimize the risk of security incidents.

    Definitions

    1. Account Owner:  An individual who as been assigned the privilege and the responsibility for access to any information technology resource.
    2. Authorized Access: Permission based on college role to access information technology resources.
    3. Confidential Data: Information that should be protected from unauthorized access or release and may include, but is not limited to Personally Identifiable Information (PII), or other proprietary college information or data. PII refers to a set of distinct information that can be used to distinguish or trance an individual excluding information as allowed by the Family Educational Rights and Privacy Act (FERPA) and other appropriate laws. It includes but is not limited to information such as social security numbers, tax identification numbers, health information, birthdate, driver’s license numbers, bank account numbers, health insurance information, maiden name, or SFCC A-numbers or any aggregate student data that is less that 10 individuals. Directory information is excluded from PII unless a student as requested the Registrar’s Office not to disclose his/her information. (7-4 Electronic Mail).
    4. Data Steward: A data steward is an individual responsible for specific data in a database or system, such as Banner. The data steward is responsible for data integrity and is also responsible for authorizing access to data, records, and information.
    5. Guest: A member of the general public who is not a registered student, employee, or sponsored visitor, and who may access information technology resources intended for public use.
    6. Information Technology Resources: All contracted or owned SFCC technology facilities, services, hardware, software, data storage, computer accounts, networks, and bandwidth; and all content and data (information) that comprise such technology.
    7. Malicious Network Traffic: Any program, software, files or activity that is damaging or detrimental to information technology resources; including but not limited to malware, worms, spam, Trojan horses, spyware, or unauthorized monitoring or logging.
    8. Security Breach: Any activity that leads to the damage or unauthorized access of an information technology resource.
    9. Separation from the College: Including but not limited to resignation, termination, retirement, or loss of student status.
    10. Shared Accounts: Accounts with multiple users that are intended for campus activities or departmental needs.
    11. Sponsored Visitor: Consultants, vendors, or others who have been authorized by SFCC for temporary access to relevant information technology resources.
    12. System Owner:  An individual with operational, technical and overall responsibility for all aspects of a particular information technology system.
    13. User: Including, but not limited to SFCC employees, students, sponsored visitors, and guests who utilize SFCC information technology resources.

    Policy Process

    1. Information Technology Resource Access
      1. Authorized access is governed by each user’s duties, roles and responsibilities, and requires the approval of a chair, director or above and may also require the approval of the system owner or data steward.
      2. User accounts and user access rights and privileges are intended for use by the account owner and must not be shared, transferred or used by others.
      3. Requests for shared accounts must include a valid educational, technological or business need and must be approved by the Office of Information Technology (OIT).
      4. Upon separation form the College, accounts will be disabled and authorized access will be removed. Business-related data including Personal Identifiable Information and email may be transferred to the supervisor upon request and approval from the appropriate Vice President or Executive Director.
      5. Violation of this policy may result in disciplinary action up to and including revocation or suspension of technology usage privileges and/or any other disciplinary action according to relevant SFCC policies, the College will report any activity that appears to violate any local, state, or federal law to the appropriate authorities.
    2. Security
      1. OIT establishes and enforces security standards for all information technology resources. Resources containing confidential data shall require additional security measures.
      2. OIT reviews all technology related software, equipment requests, and purchases to ensure equipment meets security standards and equipment guidelines as outlined in Policy 7-2: Technology Equipment Renewal and Replacement.
      3. OIT reviews all software application, whether hosted on campus or by a third party, that are intended to store or process confidential data, prior to purchase and implementation.
      4. OIT evaluates all applications developed on campus to ensure they meet campus security standards.
      5. OIT may filter malicious network traffic including inbound, outbound and internal.
      6. OIT has the right to limit access or quarantine any device that does not meet basic security standards to ensure the security of information technology resources.
      7. OIT will implement password and authentication standards following industry best practices.
      8. SFCC data centers and network closets will be secured at all times, with entry limited to authorized users.
    3. Privacy and Monitoring
      1. While respecting user privacy and academic freedom to the fullest extent possible, SFCC reserves the right to monitor and examine any network traffic or data for the following purposes which include, but are not limited to:
        1. Enforcing policies against discrimination, harassment and threats to the safety of individuals (policy 4-9 Discrimination and Harassment and Policy 4-10 Sexual Harassment);
        2. Protecting against or limiting damage to information technology  resources
        3. complying with a court order, subpoena or other legally enforceable discovery request (Policy 8-6 Public Information/Notices and News Media Contacts);
        4. Upgrading or maintaining information technology resources;
        5. In response to a notification, investigating and preventing the posting of proprietary software or electronic copies of texts, data, media or images in potential violation of copyright, licenses or other contractual and legal obligations or in violation of law.
        6. Issues outlined, in Policy 4-4 Fraud, Waste and Abuse.
      2. OIT employees and individuals authorized by OIT, are the only groups allowed to utilize monitoring and log capturing tools to examine traffic on information technology resources.

    Statement of Authority and Responsibility

    The President, through the Chief Information Officer and the Office of Information Technology (OIT), in consultation with appropriate SFCC departments, shall have the authority and responsibility for developing, implementing, managing, securing, administering, and maintaining information technology resources. OIT will develop procedures for this policy and will work closely with SFCC departments to enforce compliance with this policy.

    Authority

    Policy 2-1 Student Code of Conduct

    Policy 3-14 Academic Freedom

    Policy 3-16 Copyrights and intellectual Property

    Policy 4-1 Workplace Ethics and Code of Conduct

    Policy 4-4 Fraud, Waste and Abuse

    Policy 4-9 Discrimination and Harassment

    Policy 4-10 Sexual Harassment

    Policy 7-2 Technology Equipment Renewal and Replacement

    Policy 7-4 Electronic Mail

    8-6 public Information/Notices and New Media Contacts.

    H.R.4137, the Higher Education Opportunity Act

    7 U.S. Code § 512 Digital Millennium Copyright Act

    Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99)

    POLICY APPROVAL SFCC Governing Board approved: 1/28/14

    Revised and Governing Board approved: 6/22/16

    View Procedure

Irrigation Repair

Santa Fe Community College will be repairing irrigation lines at the central roundabout (the drop-off area by the flag poles) Monday, April 23 through Monday, April 30. During repairs, the roundabout will not be accessible. Please use other entrances into the main and West Wing parking lots. No parking areas will be affected. Please use caution when walking or driving in the vicinity. Thank you for your patience while we make improvements to campus.