5.23 Security and Privacy of Information Resources

Part 1. Policy

In compliance with the Minnesota State Board Policy 5.23, Security and Privacy of Information Resources at http://www.minnstate.edu/board/policy/523.html, it is the policy of Alexandria Technical & Community College to protect the security and privacy of its information resources and to make information accessible as required by law. The College shall maintain the confidentiality, integrity and availability of information resources; ensure continuity of operations; prevent, control and minimize the impact of security incidents; and manage risks to those resources regardless of the storage medium, transmission or disposal methods. Procedures, consistent with applicable System policy, procedures and other applicable standards and state and federal law, are outlined in ATCC Policy 5.23.

All uses of Alexandria Technical & Community College or Minnesota State System information resources are responsible for the privacy, security and appropriate use of those resources over which they have authority, access or control, and for compliance with applicable laws, regulations, policies procedures and other standards. Alexandria Technical & Community College shall provide appropriate security awareness resources for its users.

Part 2. Applicability

This policy applies to all users of Alexandria Technical & Community College or Minnesota State System information resources; and to all System information resources in any form or storage media, wherever located.

Part 3. Definitions

Subpart A. Access. Access means the authority to view information, and when appropriate, insert, update, delete, or download information. Access shall be authorized to individuals or groups of users depending on the application of law or System policy or procedure. Technical ability to access information is not necessarily equivalent to legal authority.

Subpart B. Information Resources. Information resources means all data collected, created, received, maintained or disseminated by Alexandria Technical & Community College and any Minnesota State user, regardless of its form, storage media or conditions of use.

Subpart C. System. System, or Minnesota State System, means the Board of Trustees, the System office, the state colleges and universities, and any part or combination thereof.

Subpart D. User. User means any individual, including but not limited to, students, administrators, faculty, other employees, volunteers and other authorized individuals using System information resources, whether or not the user is affiliated with Minnesota State.

Subpart E. Integrity. Integrity means assuring that information is kept intact, and not lost, damaged or modified.

Subpart F. Availability. Availability means assuring that information is accessible to authorized users when needed.

Subpart G. Confidentiality. Confidentiality means assuring that information is accessible only as authorized.

Part 4. Scope

Subpart A. Procedures. The College shall adopt and maintain security and privacy procedures under this policy.

Subpart B. Sanctions. Users who violate this policy or related System, college or university procedures shall be subject to disciplinary actions through appropriate channels. Violations may be referred to appropriate law enforcement authorities.

Approved by: ATCC Leadership Council
Effective Date: 12/21/2011
Last Date Revised: 12/21/2011