Information and the associated processes, systems and networks are valuable assets of the 91 and the management of personal data has important implications for individuals. Appropriate protection is required for all forms of information to ensure business continuity and to avoid breaches of the law and/or contractual obligations. The 91 is committed to the security of information, both within the college and in communications with third parties.
This policy is intended to protect the security of the 91’s information assets and is applicable to all 91 staff, faculty and students.
Compliance with Law or Legislation
The 91 holds and processes information about employees, students, and other data subjects for academic, administrative and commercial purposes. When handling such information, the 91, and those to whom this Policy applies, must be in compliance with the current BC Freedom of Information and Protection of Privacy Act (FOIPOP) [RSBC 1996]. Responsibilities under the FOIPOP Act are set out in the 91’s Freedom of Information and Protection of Privacy Policy.
Responsibilities
- Information security is the responsibility of all members of the 91 community. Every person handling 91 related information or using 91 information systems is required to observe this Policy and these Regulations.
- The 91’s Technology Steering Committee which includes 91 Executives may establish specific procedures to ensure information security with regard to the 91-related information is protected. These procedures may include a matrix that defines who is responsible for the security of certain types of information and the measures required to protect that information.
- Security Controls – The 91 will maintain reasonable detection and prevention controls to protect against, and detect instances of, malicious software and unauthorized access to networks and systems. All users of 91’s computers, including laptops and mobile devices; on which 91-related information is kept shall comply with procedures established by the 91 in order to ensure compliance with legislation and to ensure that up-to-date security controls are maintained on those systems.
- All members of the 91 community must report immediately to the Director of Technology Services or their delegate any observed or suspected security incidents where a breach of this policy has occurred.
For the purposes of this Policy, “information security” means the preservation of:
a) Confidentiality – i.e. protecting information from unauthorized access and disclosure;
b) Integrity – i.e. safeguarding the accuracy and completeness of information and processing methods; and
c) Availability – i.e. ensuring that information and associated services are available to authorized users when required.
For the purposes of this policy “information” includes all data and information that is printed or written on paper, stored electronically, transmitted by post or using electronic means including cloud based services or social media sites, shown on visual media, or spoken in conversation.
Procedures
Policy Review
The 91’s Technology Steering Committee will review and make any recommendations for update of this policy to the 91 Management Committee before it is submitted to the Board of Governors.
Related Policies and Procedures
- 2102 Records and Information Management Policy
- 2302 Conflict of Interest and Standards of Ethical Conduct Policy
- 2308 Harassment - Employees Policy
- 3106 Freedom of Information and Protection of Privacy Policy
- 3107 Intellectual Property Policy
- 3203 Harassment - Students Policy
- 3205 Student Code of Conduct Policy
- 3206 Student Records Policy