5.23 Security and Privacy of Information Resources
Chapter 5 - Administration
Part 1. Policy Statement. Minnesota State Colleges and Universities is committed to protecting the security and privacy of its information resources and to make information accessible to fulfill its mission of providing high quality higher education. The system shall maintain the confidentiality, integrity and availability of information resources; ensure continuity of operations; prevent, control and minimize the impact of security incidents; and manage risks to those resources regardless of the storage medium, transmission or disposal methods. Each college and university and the system office shall adopt and implement privacy and security policies, procedures, plans, programs and training for its information resources consistent with applicable system policy, procedures and other applicable standards and state and federal law.
All users of Minnesota State Colleges and Universities system information resources are responsible for the privacy, security, and appropriate use of those resources over which they have authority, access or control, and for compliance with applicable laws, regulations, policies, procedures and other standards. Each college, university and the system office shall provide appropriate security awareness resources for its users.
Part 2. Applicability. This policy applies to all users of system information resources; and to all system information resources in any form or storage media, wherever located.
Part 3. Definitions.
Subpart A. Access. Access means the authority to view information, and when appropriate, insert, update, delete, or download information. Access shall be authorized to individuals or groups of users depending on the application of law or system policy or procedure. Technical ability to access information is not necessarily equivalent to legal authority.
Subpart B. Information Resources. Information resources means all data collected, created, received, maintained or disseminated by any Minnesota State Colleges and Universities user, regardless of its form, storage media or conditions of use.
Subpart C. System. System, or Minnesota State Colleges and Universities system, means the Board of Trustees, the state colleges and universities, the system office, and any part or combination thereof.
Subpart D. User. User means any individual, including but not limited to, students, administrators, faculty, other employees, volunteers, and other authorized individuals using system information resources, whether or not the user is affiliated with Minnesota State Colleges and Universities.
Subpart E. Integrity. Integrity means assuring that information is kept intact, and not lost, damaged or modified.
Subpart F. Availability. Availability means assuring that information is accessible to authorized users when needed.
Subpart G. Confidentiality. Confidentiality means assuring that information is accessible only as authorized.
Part 4. Scope.
Subpart A. Procedures. The chancellor shall adopt security and privacy procedures under this policy.
Subpart B. Sanctions. Users who violate this policy or related system , college or university procedures shall be subject to disciplinary action through appropriate channels. Violations may be referred to appropriate law enforcement authorities.
- Guideline 188.8.131.52 Password Usage and Handling
- Guideline 184.108.40.206 Encryption for Mobile Computing and Storage Devices
- Guideline 220.127.116.11 Data Sanitization
- Guideline 18.104.22.168 Information Security Incident Response
- Guideline 22.214.171.124 Security Patch Management
- Guideline 126.96.36.199 Vulnerability Scanning
- Guideline 188.8.131.52 Anti-malware Installation and Management
- Guideline 184.108.40.206 Payment Card Industry - Technical Requirements
- Guideline 220.127.116.11 Data Backup
- Guideline 18.104.22.168 Breach Notification
- Board Policy 5.22 Acceptable Use of Computers and Information Technology Resources.
- Procedure 5.22.1 Acceptable Use of Computers and Information Technology Resources.
To view the following related statute, go to the Revisor's Web site (http://www.revisor.leg.state.mn.us/). You can conduct a search from this site by typing in the statute number.
- Minnesota Statutes Chapter 13, Minnesota Government Data Practices Act.
Date of Adoption: 4/19/06,
Date of Implementation: 4/19/06,
Date & Subject of Revisions:
11/20/13 – amended Part 1 to add the requirement that Minnesota State Colleges and Universities adopt plans, programs and training consistent with the commitment, direction, and expectations to minimize risks with regard to information resources.
11/16/11 - Effective 1/1/12, the Board of Trustees amends all board policies to change the term "Office of the Chancellor" to "system office," and to make necessary related grammatical changes.
There is no additional HISTORY for policy 5.23.