The following IT policies have been updated:

• IT Email Policy (IT.PO.180) – The purpose of this policy is to define the security, privacy, and oversight expectations for official GHC email systems. This update clearly describes the security limitations of email, GHC’s responsibility to balance email privacy with our responsibility to protect state resources and comply with the Georgia Open Records Act, and under what conditions IT administrators may access another employee’s email messages.
• IT Email Standard (IT.ST.180) – Georgia Highlands College (GHC) email is provided to students and employees as a tool to assist and facilitate official operations of the institution. This standard establishes the expectations for the appropriate use of official GHC email systems. This update clarifies the use of email signatures and personal (third-party) email accounts.
• IT Identity and Access Management (IAM) Policy (IT.PO.310) – The purpose of this policy is to establish the IAM practices for provisioning, monitoring, updating, and deprovisioning system and information technology resource access for users. These processes also apply to individuals or representatives of entities in relationship through formal, informal, contract or other types of agreements who interact with GHC systems.
• IT Identity and Access Management (IAM) Standard (IT.ST.310) – Controlling access to information systems and managing user accounts is a shared responsibility among GHC’s data stewards and the Division of Information Technology (IT). For example, data stewards within the Division of Student Affairs may determine the procedures for authorizing the creation of Single Sign-On accounts for students, while one or more IT administrators may have the responsibility for ensuring a technical process exists to provision those accounts within an appropriate user account directory or database, such as Active Directory.
• IT World Wide Web Policy (IT.PO.370) – This policy ensures that employees of Georgia Highlands College (GHC) are able to publish World Wide Web content within the constraints of law, University System of Georgia policies, and policies of the institution. Content published on the Web must be professional, accurate, and regularly reviewed in order to ensure all officially provided information published is consistent with existing communications, practices, and regulatory requirements.
• IT World Wide Web Standard (IT.ST.370) – Each data steward (and their designated delegees) are responsible for ensuring that the information on their respective web pages is published and maintained with the highest editorial standards. Each school, division, or department of GHC shall define and document designated employees who will be responsible for reviewing web content annually in accordance with the data quality expectations set forth in the University System of Georgia Business Procedures Manual (BPM). Content that is informal, unprofessional, and/or contains grammatical errors is subject to immediate review and/or removal by the Division of Information Technology (IT) or Department of Marketing and Communications (MarCom).

Additionally, we have published two new IT Procedures:

• IT File Encryption (IT.PR.191) – This document describes how to use file encryption to protect the confidentiality of data stored within individual files stored on a computer or computer storage device.
• IT Business Impact Analysis (IT.PR.235) –The purpose of this procedure is to develop documentation that GHC can use to identify and prioritize information system components by correlating them to the process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable.

Please review these documents from the Information Technology section of the Intranet (faculty & staff website) at your earliest convenience. Note: VPN access is required to view Intranet content from offsite.