|
The California State University (CSU) is a public institution committed to the ideals of academic freedom and freedom of expression. To promote these ideals, the CSU uses and offers access to a variety of information systems, data, and network resources, hereafter referred to as information assets. This policy establishes how information assets are used and provided to users. The unauthorized collection, modification, deletion, disclosure, or misuse of CSU information assets can compromise the mission of the University, violate individuals’ rights to privacy, or constitute a criminal act.
The CSU is committed to protecting the confidentiality, integrity, and availability of information assets entrusted to the University. This policy and associated standards provide direction and support to campuses for information security in accordance with university requirements, and relevant laws and regulations.
Information security is the responsibility of all users; users must comply with all applicable CSU security policies. Compliance is necessary to ensure the confidentiality, integrity, and availability of CSU data.
The CSU retains ownership (or stewardship) of assets owned (or leased) by the CSU. The CSU reserves the right to limit access to its data and to use appropriate means to safeguard its data, preserve network and information system integrity, and ensure continued delivery of services to users. This can include, but is not limited to: monitoring communications across CSU network services, monitoring actions on the CSU information systems, checking information systems attached to the CSU network for security vulnerabilities, disconnecting information systems that have become a security hazard, and/or restricting data transported across the CSU network or posted on the CSU information systems.
Non-represented employees who do not comply with this policy may be subject to appropriate disciplinary actions. Violation of this policy by represented users may result in disciplinary action, which may only be administered in accordance with the applicable provisions of the California Education Code. Any corrective action or disciplinary action must also be consistent with the terms of the applicable collective bargaining agreement. Contracted third party persons who do not comply with this policy may be subject to appropriate actions as defined in contractual agreements or proposals of understanding. Other individuals who do not comply with this policy may be subject to criminal proceedings.
This policy applies to campus data in both electronic and non-electronic form (for example, paper and verbal conversation).
This policy may be supplemented, but not superseded, by additional policies and standards adopted by each campus. The policy must be regularly reviewed and revised as necessary in order to ensure that it meets the CSU information security goals and requirements
|
 |
