Information Technology Security

Section: III.  ADSV - 504
Approved By: Bill Ryberg, 1/11/18
Last Review: none
Last Revision: none
Prior Revisions: none
Initial Adoption: 1/10/18

Policy

The college will create, maintain, and review annually an lT Security Program, which will outline specific measures and standards necessary for balancing college educational, business, and lT Security objectives, and ensuring compliance with legal mandates or applicable policies. The scope of this program includes the security of lT facilities; electronic data; off-site data storage; computing and telecommunications equipment; application-related services furnished by TCC, other state agencies, or commercial concerns; internet-related applications and connectivity; and/or any other areas necessary to mitigate lT-related risks. TCC's lT Security Program, and associated processes, procedures, and practices may contain information (confidential or private) about the agency's business, communications, computing operations, or employees. Person
responsible for handling and/or distribution of the lT Security Program should consider the highly sensitive nature of the information as well as related statutory exemptions from public disclosure and limit distribution to authorized entities and individuals with a legitimate need to know.

Purpose

Tacoma Community College (TCC) places a high priority on lT security; seeks to deploy technology which meets organizational objectives while protecting system and network security, data integrity, and confidentiality; and seeks to operate in a manner consistent with the goals of the Washington State Office of the Chief lnformation Officer (OCIO) and SBCTC lT Security Policies to maintain a shared, trusted environment for the protection of sensitive data and business transactions. This policy establishes the basis upon which college lnformation Technology (lT) security standards and practices will be created, guiding the appropriate risk mitigation to ensure an effective and secure environment for lT processing and college-related activities.

To Whom Does This Policy Apply

lndividuals or groups of individuals responsible for overseeing, managing, or implementing applicable programs and services where information technology is deployed at Tacoma Community College.

References

RCW 42.56 Public Records Act
Washington State OCIO Policy 141 - Securing lnformation Technology Assets
Washington State OCIO Policy 141.10 - Securing lnformation Technology Assets Standards

Definitions

None

Procedure

None