IT Policy Updates: Data Classification and Security Policy and Risk Management Plan

by

The following IT policies have been updated:

  • IT Data Classification and Security Policy (IT.PO.240) – This policy, formerly titled IT Information Sensitivity Policy, defines the classification and security requirements of data that Georgia Highlands College protects from unauthorized access and/or unintentional disclosure. Data covered by this policy includes information that is either stored or shared by any means such as electronic records, paper records, and information shared verbally or visually (telephone and video conferencing records). Confidential and personal information may be handled only by data users with 1) a legitimate operational need, 2) in support of official college operations, and 3) with the supervision and oversight of one or more data steward(s). Confidential and personal information may not be copied or transferred to any individuals who are not authorized to access it for any reason and may not be saved or transmitted using consumer (personal) cloud storage systems, such as Dropbox or Google Drive. Electronic data that may be classified as confidential or electronic data that contains PII, PHI, or any other forms of notice-triggering information must be encrypted while at rest and while in transit in accordance with the IT Encryption Policy, IT Encryption Standard, Section 5.11 of the USG Information Technology Handbook, federal law, and state law.
  • IT Risk Management Plan (IT.PL.550) – This risk management plan defines how Georgia Highlands College will form a team of qualified risk assessors in order to conduct routine information security risk assessments. This document demonstrates that the institution has a defined process and strategy for determining risk sources and categories in order to identify and analyze risks. Risk assessments should be conducted in order to communicate identified risks to personnel with data governance responsibilities and to coordinate risk management efforts.

Please review these documents from the Information Technology section of the Intranet (faculty & staff website) at your earliest convenience.