1.Purpose

This policy specifies the principles and requirements the University of North Carolina at Greensboro (hereinafter “University”) has established to protect information assets owned by or in the care of the University.

2.Scope

This policy applies to all faculty, staff, students, and any parties who interact with, access, or store University information assets or information assets in the University’s care.

3.Definitions and Roles and Responsibilities

3.1Roles and Responsibilities

Chief Information Security Officer is responsible for providing interpretation of this and other related policies and disseminating related information.

System Administrators, Developers and Integrators are responsible for the application of this and related policies to the systems, information, and other information resources in their care.

Users of the University’s information resources are responsible for the application of this and related policies to the systems, information, and other information resources which they use, access, transmit or store.

Third-party Affiliates with access to University systems and/or facilities are expected to abide by the University’s information security and privacy policies.

4.Policy

4.1

The University is committed to protecting information assets and acting as a responsible conservator of information assets entrusted to its care.

4.2

As such, the University shall comply with federal and state law, contractual obligations, and UNC System policies related to information security.

4.3

University business processes shall be consistent with the above principles, and, unless contrary to law, University policies or UNC System Policies, shall follow the UNCG Information Security Management Standards and procedures for implementation of those standards.

4.4

All University leadership, faculty, staff, and students, and relevant affiliates are required to actively support the above principles and are expected to take reasonable measures to protect information assets in their care.

5.Compliance and Enforcement

Information Technology Services (ITS), in cooperation with other University authorities and administrators, will enforce this Policy, and establish standards, procedures, and protocols in support of the policy.

Any violation of this policy by a University student is subject to the Student Code of Conduct in the Student Policy Handbook. For employees, violation of this policy will be subject to consideration as “misconduct” under EHRA policies (faculty and EHRA non-faculty) or “unacceptable personal conduct” under SHRA policies, including any appreal rights stated therein.

If violation of the policy also results in a violation of law, the violation may be referred for criminal or civil prosecution.

Additionally, violations of this policy may result in termination or suspension of access, in whole or in part, to University information systems at the discretion of ITS where such action is reasonable to protect the University or the University information infrastructure.

6.Additional Information

6.3Resources

6.4Approval Authority

The Chancellor is responsible for approval of this Policy.

6.5Contacts for Additional Information and Reporting

  • Responsible Executive: Donna R. Heath, Vice Chancellor for Information Technology Services and Chief Information Officer (CIO), drheath@uncg.edu
  • Responsible Administrator: Casey J. Forrest, Chief Information Security Officer (CISO), cjforrest@uncg.edu

Revisions

Revision Date Revision Summary
07/19/2004 Adopted as Security of Networks and Networked Data
05/01/2010 Revised as Security of Networks and Networked Data
01/15/2002 Adopted as Wireless Communications
07/16/2012 Adopted as Information Security
08/09/2021 Revised

- Information Security. Retrieved 10/18/2021. Official version at https://policy.uncg.edu/university_policies/information-security/. Copyright © 2021 The University of North Carolina at Greensboro.