• Policy Number: IT-P-002
  • Version Number: 1.0
  • Classification: Information Technology
  • Responsible University Office: Information Technology
  • Effective Date: December 11, 2017
  • Date Last Reviewed: December 11, 2017
  • Date of Next Review: December 11, 2018

Purpose

The Information Security Policy provides a structure that will document requirements and guidelines to: establish accountability and prudent and acceptable practices regarding the use and safeguarding of Elon University’s information resources; protect the privacy of personally identifiable and other regulated information contained in the data that constitutes part of its information resources; ensure compliance with applicable policies and state, federal, and international laws regarding the
management and security of information resources; and educate individual users with respect to the responsibilities associated with use of the university’s information resources.

In addition, this policy serves as the foundation for the university’s information security program, and provides the Information Security Office the authority to implement policies, practice standards, and/or procedures necessary to implement a successful information security program in compliance with this policy.

Scope

This policy applies to:

  • All Information Resources owned, leased, operated, or under the custodial care of Elon University;
  • All Information Resources owned, leased, operated, or under the custodial care of third-parties operated on behalf of Elon University; and
  • All individuals accessing, using, holding, or managing Information Resources on behalf of Elon University.

Definitions

Information Resources – any and all computer printouts, online display devices, storage media, and all computer-related activities involving any device capable of receiving email, browsing Web sites, or otherwise capable of receiving, storing, managing, or transmitting data including, but not limited to, mainframes, servers, network infrastructure, personal computers, notebook computers, hand-held computers, smart cards, distributed processing systems, network attached and computer controlled equipment (i.e. embedded technology), telecommunication resources, network environments, telephones, fax machines, and printers. Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. Portions of the language in this document have been adapted with permission from The University of Texas at Austin.

Policy Statement

It is the policy of the university to:

  • Protect Information Resources based on risk against accidental or unauthorized disclosure, modification, or destruction and assure the confidentiality, integrity, and availability of university data;
  • Appropriately reduce the collection, use, or disclosure of social security numbers contained in any medium, including paper records;
  • Apply appropriate physical and technical safeguards without creating unjustified obstacles to the conduct of the scholarship, business, and research of the university and the provision of services to its many constituencies;
  • Comply with applicable state and federal laws and Elon University rules governing information resources.

 

Portions of the language in this document have been adapted with permission from The University of Texas at Austin.