Main Menu

Information Security & Privacy Policy


Information assets including data, computing devices, systems technology, telephony, and IT resources are vital to Shepherd University’s ongoing mission of discovery, learning, and engagement. All information assets and IT resources must be protected throughout various phases of their useful life, including when created, collected, stored, transferred, purged, and ultimately destroyed. To support its mission, Shepherd University requires certain administrative, technological, and physical safeguards must be in place to adequately protect information assets and IT resources.


Shepherd University information assets including data, computing devices, systems technology, telephony, and IT resources shall be used in an approved, ethical, and lawful manner to avoid loss and/or damage to Shepherd University data, operations, image, or financial interests. All affiliated information/technological data should be considered as confidential and proprietary, thus every effort to protect its integrity should be made.

A trusted, secure, and effective IT environment is vital to the continuing success of Shepherd University; thus, we will:
1. Establish, sustain, and control a secure IT environment consisting of internal controls designed to maintain, facilitate, and promote adequate protection of information assets and IT resources through standards, protocols, policies and guidelines, and training.
2. Identify and classify information assets and IT resources according to their use, sensitivity, and importance to Shepherd University and in compliance with federal and/or state laws.
3. Facilitate collaboration and communication among stakeholders, data custodians, and members of the campus community to aid in protecting information assets and IT resources, with the recognition of the ability to quickly adapt to emerging technologies.
4. Ensure that access to information assets and IT resources is governed by effective role-based access controls, managed by the Director of IT Services / Information Privacy Officer, that enables users to fulfill the responsibilities of their position.
5. Manage risks to information assets and IT resources through appropriate administrative, technological, and physical controls to protect from unauthorized access or modification, misuse, or damage.

Use of information assets and IT resources is a privilege and not a right. All users are responsible for the actions performed on or transmitted with any Shepherd University information asset and/or IT resource. Violations of this policy, or any other Shepherd University policy, may result in revoked or limited technology privileges, as well as other disciplinary action up to and including expulsion, termination, or referral to appropriate authorities.


Shepherd University seeks to maintain its IT environment and manage all information assets including data, computing devices, systems technology, telephony, and IT resources in a manner that respects individual privacy and promotes user trust. However, the use of Shepherd University IT resources is not completely private, and users should have no expectation of privacy in connection with the use of any information asset or IT resource.

Shepherd University has the legal right to access, preserve, and review all information stored on or transmitted through any information asset or IT resource, including the inspection of e-mail messages, logging of activities, monitoring usage patterns, and data audits/integrity checks. IT Services may, with or without notice to users, take any other action it deems necessary to preserve, secure, and protect systems, information assets, or IT resources for the betterment of Shepherd University. Without limiting its right to take action, Shepherd University may, at its sole discretion, disclose the results of any general or individual monitoring or access permitted by this policy, including the contents and records of individual communications, to appropriate Shepherd University personnel and/or law enforcement agencies.


This policy applies to all users, such as students, faculty, and staff of Shepherd University and to other persons accessing Shepherd University information assets and/or IT resources including but not limited to authorized agents or community members, regardless of whether such information asset or IT resource is accessed from on-campus or off-campus.


All Shepherd University students, faculty, staff, and other parties with access to Shepherd University information assets and IT resources shall be responsible for:


• Usage of all information assets and IT resources in compliance with all applicable laws and Shepherd University policies, standards, guidelines, regulations, and procedures.
• Physically secure and safeguard information assets and IT resources within the user’s possession and control, including abiding with the safe handling of data.
• Understand and comply with the guidance provided by this policy, as well as applicable compliance programs and affiliated awareness trainings.
• Promptly report any suspected violation of this policy, any security events, and/or incidents involving a suspected compromise of a user’s account or IT resource to




• Family Educational Rights & Privacy Act (FERPA) Training
• Gramm-Leach-Bliley Act (GLBA) Training

BOG#35: Information Technology Security
Acceptable Use Policy
E-mail Policy
Data Classification Policy
Data Incident Notification Policy
International Travel Security Policy
Password Guidelines
Social Security Number Guidelines
Work from Home / Remote Access Guidelines

POLICY: Information Security & Privacy Policy
IMPACT: Data, Technology, and IT Resources
CREATED: August 18, 2021
REVIEWED: February 19, 2024; November 28, 2022
APPROVED BY: CIO/CISO – Information Privacy Officer