Information Security Policy

  • Issue Date: April 2007
  • Revision Date: July 2019
  • Expiration Date: N/A

  1. Policy Statement

    California State University, Long Beach (黑料网) recognizes its affirmative and continuing responsibility to protect the confidentiality, maintain the integrity, and ensure the availability of its information assets.  Unauthorized modification, deletion, or disclosure of information assets can compromise the integrity of the mission of 黑料网, violate individual privacy rights, and possible constitute a criminal act.  It is the policy of California State University, Long Beach to ensure:

    • confidentiality of personally identifiable information;
    • integrity of data stored on or processed by 黑料网 information systems;
    • availability of information stored or processed by 黑料网 information systems;
    • maintenance and currency of applications installed on 黑料网 information systems; and
    • compliance with applicable laws, regulations, and CSU/黑料网 policies, standards, and procedures governing information security and privacy protection.

  2. Scope

    The 黑料网 Information Security Policy applies to:

    • Information assets that are acquired, transmitted, processed, transferred and/or maintained by CSU Long Beach or CSU Long Beach auxiliary organizations;
    • All media in which the information asset is held (e.g., paper, electronic, oral, etc.)
    • All data systems and equipment including departmental, divisional or other ancillary systems and equipment as well as data residing on these systems and equipment;
    • All faculty, staff, administrators, students, and consultants employed by 黑料网 or 黑料网 auxiliary organizations having access to CSU information assets; and
    • Personal electronic devices of 黑料网 faculty, staff, and administrators which access information technology resources.

  3. Responsibilities

    Information security roles and responsibilities are intended to support the University鈥檚 information security program. These roles and responsibilities include, but may not be limited to the following:

    1. University Information Security Officeris an appropriate administrator designated by the President and delegated authority for implementing this policy; developing standards and procedures to support this policy; developing appropriate training and informational materials; and assessing and ensuring the University鈥檚 compliance with applicable laws, regulations, and CSU and University policies, standards and procedures regarding information security.
    2. Division Information Security Officers are management employees designated by each Vice President, the director Athletics, and each 黑料网 auxiliary organization who serves as a conduit between the University Information Security Officer and their respective division/area and who work closely with the University Information Security Officer to guide compliance with established 黑料网 information security policies, standards and procedures.
    3. Custodians of Records are appropriate administrators designated by the Vice President, Administration and Finance who are responsible for 1)accepting and responding to subpoenas, court orders or other compulsory legal processes involving the release of University records; 2)accepting and responding to requests for records made pursuant to the California Public Records Act; or 3)ensuring compliance with the CSU records/information retention and disposition schedules.
    4. University Administrators are mangers or supervisors included in the Management Personnel Plan or equivalent in 黑料网 auxiliary organizations who are responsible for ensuring compliance with established information security policies, standards and procedures within their respective college, department, administrative area or organization.
    5. Faculty, Staff and Employees of 黑料网 Auxiliary Organizationswho in the course and scope of their duties and responsibilities access, collect, distribute, process, store, use, transmit or dispose of 黑料网 information assets are responsible for following established information security polices, standard and procedures.

  4. POLICY COMPLIANCE

    The University reserves the right to temporarily or permanently suspend, block, or restrict access to information assets when is reasonably appears necessary to do so to protect the confidentiality, integrity, availability, or functionality of those assets.

    Any disciplinary action resulting from violations of this policy or program supporting policies, standards or procedures shall be administered in a manner consistent with the terms of the applicable collective bargaining agreement and/or the applicable provisions of the California Education Code. Student infractions of this policy or supporting policies, standards or procedures may be referred to the Office of Student Judicial Affairs. Third party service providers who do not comply with established information security policies, standards or procedures may be subject to appropriate actions as defined in contractual agreements.

  5. POLICY MANAGEMENT

    This policy shall be reviewed and if necessary updated annually by the University Information Security Officer.

FURTHER INFORMATION

Information Security Office
security@csulb.edu