COVID-19 INFO • Vaccine REGISTRATION • COVID-19 Incident REPORT
Main Menu

Information Security & Privacy Policy

PURPOSE

Information assets including data, computing devices, systems technology, telephony, and IT resources are vital to Shepherd University’s ongoing mission of discovery, learning, and engagement. All information assets and IT resources must be protected throughout various phases of their useful life, including when created, collected, stored, transferred, purged, and ultimately destroyed. To support its mission, Shepherd University requires certain administrative, technological, and physical safeguards must be in place to adequately protect information assets and IT resources.

POLICY

Shepherd University information assets including data, computing devices, systems technology, telephony, and IT resources shall be used in an approved, ethical, and lawful manner to avoid loss and/or damage to Shepherd University data, operations, image, or financial interests. All affiliated information/technological data should be considered as confidential and proprietary, thus every effort to protect its integrity should be made.

A trusted, secure, and effective IT environment is vital to the continuing success of Shepherd University; thus, we will:

1. Establish, sustain, and control a secure IT environment consisting of internal controls designed to maintain, facilitate, and promote adequate protection of information assets and IT resources through standards, protocols, policies and guidelines, and training.
2. Identify and classify information assets and IT resources according to their use, sensitivity, and importance to Shepherd University and in compliance with federal and/or state laws.
3. Facilitate collaboration and communication among stakeholders, data custodians, and members of the campus community to aid in protecting information assets and IT resources, with the recognition of the ability to quickly adapt to emerging technologies.
4. Ensure that access to information assets and IT resources is governed by an effective role-based access controls, managed by the Director of IT Services / Information Privacy Officer, that enables users to fulfill the responsibilities of their position.
5. Manage risks to information assets and IT resources through appropriate administrative, technological, and physical controls to protect from unauthorized access or modification, misuse, or damage.

Use of information assets and IT resources is a privilege and not a right. All users are responsible for the actions performed on their assigned information assets and IT resources. Violations of this policy, or any other Shepherd University policy, may result in revoked or limited technology privileges, as well as other disciplinary action up to an including expulsion, termination, or referral to appropriate authorities.

PRIVACY, OPERATIONS, and MONITORING

Shepherd University seeks to maintain its IT environment and manage all information assets including data, computing devices, systems technology, telephony, and IT resources in a manner that respects individual privacy and promotes user trust. However, the use of Shepherd University IT resources is not completely private, and users should have no expectation of privacy in connection with the use of any
information asset or IT resource.

Shepherd University has the legal right to access, preserve, and review all information stored on or transmitted through any information asset or IT resource, including the logging of activities, monitoring usage patterns, and data audits/integrity checks. IT Services may, with or without notice to users, take any action it deems necessary to preserve, secure, and protect systems, information assets, or IT resources for the betterment of Shepherd University. Without limiting its right to take action, Shepherd
University may, it is sole discretion, disclose the results of any general or individual monitoring or access permitted by this policy, including the contents and records of individual communications, to appropriate Shepherd University personnel or law enforcement agencies.

SCOPE of AFFECTED PARTIES

This policy applies to all users, such as students, faculty, and staff of Shepherd University and to other persons accessing Shepherd University information assets and/or IT resources including but not limited to authorized agents or community members, regardless of whether such information asset or IT resource is accessed from on-campus or off-campus.

ROLES & RESPONSIBILITIES

All Shepherd University students, faculty, staff, and other parties with access to Shepherd University information assets and IT resources shall be responsible for:

USERS

DIRECTOR of IT SERVICES / INFORMATION PRIVACY OFFICER

IT SERVICES STAFF


RELATED POLICIES & GUIDELINES

BOG#35: Information Technology Security
Acceptable Use Policy
E-mail Policy
Password Guidelines
Social Security Number Guidelines
Work from Home / Remote Access Guidelines



POLICY Information Security & Privacy Policy
IMPACT Data, Technology, and IT Resources
RESPONSIBLE OFFICE IT Services
CREATED August 18, 2021
REVISED August 18, 2021
APPROVED BY Director, IT Services
VERSION 22.2