ROWAN UNIVERSITY POLICY
...
Title: Acceptable Use Policy
Subject: Information Security
Policy No: ISO: 2013:01
Applies: University-wide
Issuing Authority:
...
Senior Vice President for Information Resources and Chief Information Officer
Responsible Officer:
...
Senior Vice President for Information Resources and Chief Information Officer
Date Adopted: 07-01-2013
Last Revision: 10-10-2016
Last Review: 06-23-2016
I. PURPOSE
This policy sets forth the acceptable uses regarding the access and use of the University's electronic information and information systems.
...
Under the direction of the President, the Chief Information Officer and the University's Chief Director of Information Security Officer shall implement and ensure compliance with this policy. The Vice Presidents, Deans, and other members of management will implement this policy.
...
- Availability – the expectation that information is accessible by Rowan when needed.
- Cloud Services – Consumer and business products, services and solutions delivered and consumed on-demand, using the cloud service providers' pooled resources, and delivered over a broad network, such as the Internet.
- Confidentiality – the expectation that only authorized individuals, processes, and systems will have access to Rowan's information.
- Confidential Information – the most sensitive information, which requires the strongest safeguards to reduce the risk of unauthorized access or loss. Unauthorized disclosure or access may 1) subject Rowan to legal risk, 2) adversely affect its reputation, 3) jeopardize its mission, and 4) present liabilities to individuals (for example, HIPAA and HITECH penalties). See the Information Classification policy for additional information.
- HIPAA – Health Insurance Portability and Accountability Act of 1996.
- HITECH – Health Information Technology for Economic and Clinical Health Act.
- Information System – consists of one or more components (e.g., application, database, network, or web) that is hosted in a University campus facility, and which may provide network services, storage services, decision support services, or transaction services to one or more business units.
- Integrity – the expectation that Rowan's information will be protected from improper, unauthorized, destructive, or accidental changes.
- Internal Information – data that is owned by the University, is not classified Confidential or Private, and is not readily available to the public. For example, this includes employee and student identification numbers and licensed software.
- Mobile Computing Device – including, but not limited to, laptops, netbooks, tablets, smartphones (BlackBerry, iPhone, etc.) and mobile broadband cards (also known as AirCards® and connect cards).
- Private Information – sensitive information that is restricted to authorized personnel and requires safeguards, but which does not require the same level of safeguards as confidential information. Unauthorized disclosure or access may present legal and reputational risks to the University. See the University's Information Classification policy for additional clarification.
- Privileged Information – refers to attorney-client communication.
- Public Information – information that is readily available to the public, such as the information published on web sites.
- Removable Media – including, but not limited to, CDs, DVDs, copier hard drives, storage tapes, flash devices (e.g., CompactFlash and SD cards, USB flash drives), and portable hard drives.
- Social Media – refers to tools that allow the sharing of information and creation of communities through online networks of people.
- Rowan Community – faculty, staff, non-employees, students, attending physicians, contractors, covered entities, agents, and any other third parties of Rowan.
V. REFERENCES
VI. POLICY
...