Information Security
When you log into Colleague, before getting to your screens and menus, you are presented with a CONFIDENTIALITY STATEMENT that you must agree to by clicking “OK”. Of course, we know that you read this statement carefully each day before agreeing to it, so this will serve only as a gentle reminder of what regulations you are bound by.
The College’s Information Security Policy spells out what data you are allowed to access and what data you are allowed to disclose. By College regulations, you may only access information that is required to perform your duties. So, for example, looking up a friend’s address or birthdate just because you want to, is an infraction of Policy.
But there is more to it. The College’s information is categorized according to the data’s confidentiality impact, so that appropriate safeguards can be applied. The confidentiality impact level High (Level 1), Moderate (Level 2) or Low (Level 3) indicates the potential harm that could result to the individuals and/or the College if confidential information were inappropriately accessed, used, or disclosed. Each of the three security categories, or levels, has accompanying sets of measures. Level 1 has the tightest security controls to protect the most sensitive, high-risk confidential data. Level 2 measures protect additional confidential data. Level 3 controls protect the College’s enterprise-specific data.
Please review the Information Security Policy to make sure that you are confident knowing what you can access, store and disclose. Remember, the term ”Information” refers to electronic data in an application system, in a local file, as well as printed material. The regulations surrounding PII (Personally Identifiable Information) such as SSN, birthdate, and financial information, are particularly strong in order to protect the College from Data Security Breaches, which are often caused by careless business practices. If you are responsible for storing or disclosing any PII data, learn the procedures to protect the data, such as encryption.
All IT policies can be found at: https://www2.naz.edu/its/security-privacy-policies/policies/
The College’s Information Security Policy spells out what data you are allowed to access and what data you are allowed to disclose. By College regulations, you may only access information that is required to perform your duties. So, for example, looking up a friend’s address or birthdate just because you want to, is an infraction of Policy.
But there is more to it. The College’s information is categorized according to the data’s confidentiality impact, so that appropriate safeguards can be applied. The confidentiality impact level High (Level 1), Moderate (Level 2) or Low (Level 3) indicates the potential harm that could result to the individuals and/or the College if confidential information were inappropriately accessed, used, or disclosed. Each of the three security categories, or levels, has accompanying sets of measures. Level 1 has the tightest security controls to protect the most sensitive, high-risk confidential data. Level 2 measures protect additional confidential data. Level 3 controls protect the College’s enterprise-specific data.
Please review the Information Security Policy to make sure that you are confident knowing what you can access, store and disclose. Remember, the term ”Information” refers to electronic data in an application system, in a local file, as well as printed material. The regulations surrounding PII (Personally Identifiable Information) such as SSN, birthdate, and financial information, are particularly strong in order to protect the College from Data Security Breaches, which are often caused by careless business practices. If you are responsible for storing or disclosing any PII data, learn the procedures to protect the data, such as encryption.
All IT policies can be found at: https://www2.naz.edu/its/security-privacy-policies/policies/