IT Standards

Network and Information Security and Privacy Program (NISPP) (PDF)

OIT will institute overarching security programs that provide guidance in the creation and management of controls to protect College IT resources, including hardware, software, and data.

IT01001 – Network and Information Security and Privacy Program (NISPP)
 
IT01002 – GLBA/FSA/PCI/FERPA Security Program
 
IT01003 – Information Privacy Program

OIT will put in place appropriate IT Standards to ensure a safe, compliant, and properly risk-managed computing and network environment to meet the College requirements. The IT Standard Development Process will ensure that Standards emanating from all areas of OIT are properly developed, approved, and implemented.

IT02001 – IT Standard Development and Maintenance Process
 
IT02002 – IT Compliance Hierarchy

OIT will work with individual College units/departments to help them identify the information assets they control, the level of protection necessary to protect information depending on how it is classified, and what access to data is necessary to support their business processes. Different levels of security and access need to be determined for each level of data sensitivity within the College.

IT03001 – IT System and Data Backup and Restoration Standard
 
IT03003 – Web System and Folder PII Scanning Standard
 
IT03004 – Data Disposal Standard

OIT will work with College Users to implement appropriate measures that should be taken when using technology resources to ensure the confidentiality, integrity, and availability of College information, and that access to sensitive information is restricted to authorized users.

IT04001 – IT Resource Authentication Standard
 
IT04002 – System and Application Access Management Standard
 
IT04003 – Remote Access Standard
 
IT04004 – Banner Admin Data Access & Security Management Standard
 
IT04005 – Workday Access & Security Management Standard

The OIT must manage its software and hardware assets appropriately, in a manner that ensures control and tracking of all assets at any given moment.

IT05002 – Network Printer Configuration and Security Standard
 
IT05003 – Server Configuration and Security Standard
 
IT05004 – Server Patching Standard
 
IT05005 – Infrastructure Monitoring Standard
 
IT05006 – Data Center Racking Standard

OIT will deploy multi-layered protection throughout its network to prevent introduction of malicious code or unauthorized access into the College’s information systems.

IT06001 – Network Firewalls & Routers Standard
 
IT06004 – Network Power Closet Standard

OIT will manage how changes are made to College systems, infrastructure, and applications to minimize issues that may arise through change and to ensure that any changes meet College and OIT standards.

IT08001 – Change Management Standard
 
IT08002 – Production Maintenance Window Standard
 
IT08003 – Production Change Blackout Periods Standard

OIT will work with individual College departments to help them determine and manage the risks of handling information. Risk assessment is an important part of any information security process and will help in assigning priorities for implementing controls, mitigating risk, and accepting risk. OIT will also work with College departments as a resource to help ensure compliance with existing information security requirements, whether required by law or by contract, including but not limited to FERPA, PCI DSS, and GLBA.

IT09002 – Vulnerability Management Standard
 
IT09003 – Third Party Review Standard
 
IT09004 – Credit Card Processing/E-Commerce Standard
 
IT09005 – TouchNet End-to-End Encryption (E2EE) Device Security Management Standard
 
IT09006 – DMCA Notice Response Standard

OIT will establish and maintain a security incident response capability.

IT11001 – Cybersecurity Incident Response Standard

OIT should have appropriate physical security for facilities housing IT personnel and systems, as well as critical information systems and information assets wherever they may be located.

IT12001 – OIT Facility Access Standard