5250 Information and Data Security

Original Date: 6/10/2003 * Last Revision Effective: 6/20/2023
Policy Contact: Vice President, Information Technology Services

Policy

Bellevue College is committed to providing adequate security and protection of all electronic data and information within its domain of ownership and control. The college will establish procedures and standards which will guide and assist technology users in:

  •  Protecting the integrity, availability and confidentiality of information assets managed by college employees.
  •  Protecting information assets from unauthorized release or modification, and from either accidental or intentional damage or destruction.
  •  Protecting technology assets such as hardware, software, telecommunications and network infrastructure from unauthorized use or misuse.

These procedures and standards will comply with the Washington state Office of the Chief Information Officer (OCIO) policies, and will establish a shared, trusted environment for the protection of sensitive data and accomplishment of business transactions.

Applicability

This policy applies to all members of the college community, with specific duties and responsibilities placed upon departments within Information Technology Services (ITS). This policy applies to all campus facilities, equipment and services that are managed by ITS, including off-site data storage, computing and telecommunications equipment, and internet-related applications and connectivity. This policy also applies to technology services purchased from other state agencies or commercial concerns.

Intended Exemptions

It is not the intent of this policy to restrict academic freedom in any way, nor to impinge on the intellectual property rights of authorized users.

It is the intent of the college to take precautions to prevent revealing specific security policies, procedures, standards and practices containing information that may be confidential or private as it applies to college business, communications, and computing operations or employees. Therefore, this policy exercises appropriate exemptions from public disclosure granted in the OCIO Securing Information Technology Assets policy and RCW 42.56.

Persons responsible for distribution of any related information security documents should consider the sensitive nature of the information, as well as related statutory exemptions from public disclosure, before disclosing this information.

Responsibilities

Information Technology Services (ITS) Vice President

  • It is the responsibility of the ITS vice president to provide oversight and management of all tasks and processes which directly pertain to maintaining information security on campus.

Campus Technology Users

  • It is the responsibility of all members of the college community to comply with all college policies, procedures and standards, including those pertaining to information security and campus technology use.

Definitions

Office of the Chief Information Officer (OCIO)

  • The Washington state office of the chief information officer (OCIO).

Office of the Chief Information Officer Securing Information Technology Assets Policy

  • Also called the OCIO Securing Information Technology Assets policy. This is the published policy of the Washington state office of the chief information officer regarding information technology security. The purpose of this policy is to create an environment within state of Washington agencies that maintains system security, data integrity and privacy by preventing unauthorized access to data and by preventing misuse of, damage to, or loss of data.

Information Assets

  • All types of data stored or transmitted on behalf of the college. This may include (but is not limited to) employee data, student personal data or other college data.

Technology Assets

  • All software, hardware, or network infrastructure owned by the college.

Unauthorized Use

  • Any action that conflicts with or directly violates Bellevue College policies, procedures or standards for information security and campus technology usage. This also includes unlawful use in violation of local, state and/or federal law.

Information Technology (IT)

  • A term that broadly defines all types of technology-delivered resources such as information, data, databases, equipment, applications, software or web-based resources.

Policy

  • The official or prescribed plan or course or method of action selected from among alternatives used to guide and determine present and future decisions.

Security Standard

  • Criterion established by the college as an approved authoritative model, requirement, rule or principle that is to be followed or used as a basis for judgment. In order to protect college information and technology assets, the OCIO requires all state agencies to adhere to current common IT security standards.

Relevant Laws and Other Resources

Revision History

Original 6/10/2003
Revision 5/21/2009; 7/28/2012; 9/13/2012; 11/19/2014; 6/20/2023

Approved By

Board of Trustees

Last Updated June 28, 2023