University Policies

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Alburger, Katherine A

Saved on

compared with

New Version 6

changes.mady.by.user Alburger, Katherine A

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

ROWAN UNIVERSITY POLICY


Title: Workstation Use and Security Policy 
Subject: Information Security 
Policy No: ISO: 2013:03                                                                       
Applies: University-Wide
Issuing Authority: Information Security Office - Director of Information Security
Responsible Officer: Vice President for Information Resources and Chief Information Officer                              
Adopted: 07/01/2013
Amended: 06/01/2014
Last Revision: 08/08/2018

I. PURPOSE

This policy specifies the appropriate use and security applicable to ROWAN’s workstations. 

II. ACCOUNTABILITY

Under the direction of the President, the Chief Information Officer and the University’s Director of Information Security shall implement and ensure compliance with this policy.

III. APPLICABILITY

This policy applies to all members of the ROWAN community.

IV. DEFINITIONS

...

  1. Administrative Safeguardsadministrative actions, and policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect the University’s information assets and to manage the conduct of the University community in relation to the protection of those information assets.

...

  1. Availability the expectation that information is accessible by ROWAN when needed.

...

  1. Confidentiality the expectation that only authorized individuals, processes, and systems will have access to ROWAN’s information.

...

  1. Information System consists of one or more components (e.g., application, database, network, or web) that is hosted in a University campus facility and which may provide network services, storage services, decision support services, or transaction services to one or more business units.

...

  1. Integrity the expectation that UMNDJ’s information will be protected from improper, unauthorized, destructive, or accidental changes.

...

  1. Physical Safeguards physical measures, policies, and procedures to protect the University’s information assets from natural and environmental hazards, and unauthorized intrusion.

...

  1. Removable Media – including, but not limited to, CDs, DVDs, storage tapes, flash devices (e.g., CompactFlash and SD cards, USB flash drives), and portable hard drives.

...

  1. Technical Safeguards the technology and the policy and procedures for its use that protect the University’s electronic information and control access to it.

...

  1. ROWAN Community faculty, staff, non-employees, students, attending physicians, contractors, covered entities, and agents of ROWAN.

...

  1. Workstations – desktop computers and laptops.

V. POLICY

ROWAN’s workstations are provided by the University for business, academic, and research use. They must be used in accordance with the University’s policies and secured against unauthorized access.

...

  1. Information Resources and Technology (IR&T) is responsible to define base controls and configurations for workstation builds.
  2. All ROWAN IT Service Organizations or Departments managing their own workstations are responsible to incorporate the University’s baseline security controls, safeguards, and configurations into their workstation builds and to maintain an accurate and current inventory of all their workstations. Any deviation from ROWAN’s baseline security model must be documented.
  3. The Presidents and Vice Presidents of the University’s units and the Deans of the schools have ultimate responsibility for the protection of their electronic information and information systems against unauthorized disclosure, loss, or misuse. They must ensure that all members of their respective organizations follow the administrative, physical, and technical safeguards defined in this policy.

VI. NON-COMPLIANCE AND SANCTIONS

Violations of this policy may subject the violator to disciplinary actions, up to or including termination of employment or dismissal from a school, and may subject the violator to penalties stipulated in applicable state and federal statutes. Sanctions shall be applied consistently to all violators regardless of job titles or level in the organization.                                                               

...