Information and the associated processes, systems and networks are valuable assets of the 爱豆传媒 and the management of personal data has important implications for individuals. Appropriate protection is required for all forms of information to ensure business continuity and to avoid breaches of the law and/or contractual obligations. The 爱豆传媒 is committed to the security of information, both within the college and in communications with third parties.
This policy is intended to protect the security of the 爱豆传媒鈥檚 information assets and is applicable to all 爱豆传媒 staff, faculty and students.
Compliance with Law or Legislation
The 爱豆传媒 holds and processes information about employees, students, and other data subjects for academic, administrative and commercial purposes. When handling such information, the 爱豆传媒, and those to whom this Policy applies, must be in compliance with the current BC Freedom of Information and Protection of Privacy Act (FOIPOP) [RSBC 1996]. Responsibilities under the FOIPOP Act are set out in the 爱豆传媒鈥檚 Freedom of Information and Protection of Privacy Policy.
Responsibilities
- Information security is the responsibility of all members of the 爱豆传媒 community. Every person handling 爱豆传媒 related information or using 爱豆传媒 information systems is required to observe this Policy and these Regulations.
- The 爱豆传媒鈥檚 Technology Steering Committee which includes 爱豆传媒 Executives may establish specific procedures to ensure information security with regard to the 爱豆传媒-related information is protected. These procedures may include a matrix that defines who is responsible for the security of certain types of information and the measures required to protect that information.
- Security Controls 鈥 The 爱豆传媒 will maintain reasonable detection and prevention controls to protect against, and detect instances of, malicious software and unauthorized access to networks and systems. All users of 爱豆传媒鈥檚 computers, including laptops and mobile devices; on which 爱豆传媒-related information is kept shall comply with procedures established by the 爱豆传媒 in order to ensure compliance with legislation and to ensure that up-to-date security controls are maintained on those systems.
- All members of the 爱豆传媒 community must report immediately to the Director of Technology Services or their delegate any observed or suspected security incidents where a breach of this policy has occurred.
For the purposes of this Policy, 鈥渋nformation security鈥 means the preservation of:
a) Confidentiality 鈥 i.e. protecting information from unauthorized access and disclosure;
b) Integrity 鈥 i.e. safeguarding the accuracy and completeness of information and processing methods; and
c) Availability 鈥 i.e. ensuring that information and associated services are available to authorized users when required.
For the purposes of this policy 鈥渋nformation鈥 includes all data and information that is printed or written on paper, stored electronically, transmitted by post or using electronic means including cloud based services or social media sites, shown on visual media, or spoken in conversation.
Procedures
Policy Review
The 爱豆传媒鈥檚 Technology Steering Committee will review and make any recommendations for update of this policy to the 爱豆传媒 Management Committee before it is submitted to the Board of Governors.
Related Policies and Procedures
- 2102 Records and Information Management Policy
- 2302 Conflict of Interest and Standards of Ethical Conduct Policy
- 2308 Harassment - Employees Policy
- 3106 Freedom of Information and Protection of Privacy Policy
- 3107 Intellectual Property Policy
- 3203 Harassment - Students Policy
- 3205 Student Code of Conduct Policy
- 3206 Student Records Policy