Information Technology Policy

Information Security Policy

I. Policy Rationale and Statement

Franklin & Marshall, like all colleges and universities, is responsible for maintaining the integrity of a wealth of personal, sensitive, and confidential information collected during the course of normal business operations. Financial, medical, and academic records include details such as social security numbers, bank accounts, and credit card numbers -- details which are protected by federal and state laws, industry regulations, and contractual obligations. The exposure of such sensitive information could cause irreparable harm to the College or individual members of this community. Therefore, it is imperative that all members of the College community work diligently to protect information to which they are granted access.

This information security policy is not intended to impede the fundamental teaching or research missions of the College; rather, we aim to balance information security with community members’ needs to conduct their work. Should any aspects of the information security policy obstruct teaching, learning, academic freedom, or research endeavors, appropriate provisions will be made to allow these essential functions to proceed in a secure manner.

The Franklin & Marshall (F&M) Information Security Policy provides the College’s senior staff, College Infrastructure Committee (CIC), Chief Information Officer (CIO), and Chief Information Security Officer (CISO) with direction and support, establishes an implementation framework for security, and ensures compliance of information security at F&M. At their discretion, the College Infrastructure Committee reserves the right to modify this policy at any point in time. The current components comprising the Information Security Policy may be found in the ITS Technology Policy repository.

II. Scope

This policy applies to all members of the F&M community, including but not limited to employees, students, alumni, visitors, volunteers, third parties, contractors, consultants, clients, temporaries, and others (collectively known as “users”), who have access to, support, administer, manage, or maintain F&M information assets. “Information assets” are defined as the computers, communications facilities, networks, data, and information that may be stored, processed, retrieved or transmitted by them, including programs, specifications, and procedures for their operation, use and maintenance.

III. Definitions

IV. Policy

The Information Security Policy provides a framework for defining the technological and procedural controls necessary to ensure the confidentiality, integrity, and availability of College data and information systems. The College's senior staff has approved and endorsed this Information Security Policy. The Chief Information Officer (CIO) and Chief Information Security Officer (CISO) are responsible for development, maintenance, and enforcement of the Information Security Policy.

Exceptions to Policy Scope

This policy defines the procedures that will be followed by College personnel to identify any exceptions to policies that must occur in order to successfully complete College operations. It outlines the documentation that must be completed as well as the approvals that must occur before an exception to policy will be allowed.

Exceptions to Policy Statement

In instances where there is a justifiable need to perform actions that are in conflict with F&M policy standards, management will consider providing a waiver for these exceptions. In almost all cases, alternative methods which do not conflict with policy can be deployed to solve any given business need. Only when such options have been exhausted will exceptions be considered. F&M recognizes, however, that policies cannot be created and enforced which address 100% of all community issues. Exceptions are designed to facilitate new F&M needs, or to address areas where technological changes are not addressed by current policies. However, it is the responsibility of management to understand and mitigate the risk.

Any exceptions will be documented and will be reviewed on a periodic basis as appropriate for the level of risk to the College presented by the exception and the amount of operational oversight and technical configurations necessary to enable and manage the exception.

Guidelines

Requests for exceptions to policies must have a justifiable reason documented and must have the necessary approvals to be considered valid. Exceptions must be approved and signed by the Data Steward and/or Data Owner, the Chief Information Security Officer, and the Chief Information Officer. Once approved, exceptions to policy will be valid for a period of no more than one year, at which time the exception must be re-evaluated again.

-----
Policy Maintained by: Information Technology Services, Associate Vice President and Chief Information Officer
Original Effective Date: September 1, 2019
Last Reviewed: September 14, 2022