Pine Technical College Policy an

Pine Technical College
Policy and Procedure

Policy Number: 701 Date: 09/19/2000 Revision Date:
Division/Department: Information Systems Author: Ken Ries
Subject: Information Security

Authorities:
MnSCU, MN Department of Finance, MN Department of Administration, PTC internal policy and related legislation.

Purpose:
The purpose of this policy is to define the information security policy standards for Pine Technical College.

Policy:
Computer Security:
Employees may not gain or attempt to gain unauthorized access to restricted areas or files on any Pine Technical College computer systems including bypassing Pine Technical College's data protection measures or uncovering security loopholes.
Employees may not alter any software protections or restrictions placed on computer applications, files, or directories without authorization.
Employees are responsible for respecting the privacy of others.
Employees may not alter or copy a file belonging to another employee without first obtaining permission from the owner of the file. Monitoring or accessing another employee's information may not be done without business reasons and authorization. The capability to access a file belonging to another employee does not imply permission to read, alter, or copy that file.

Passwords:
Employees are responsible for safeguarding passwords and access codes they use to access computer and telecommunication systems.
All activity generated from the employee's ID and passwords are the responsibility of the owner.
Employees may not use an ID, access code or password not assigned to them.
Employees may not disguise their identity while using the computer systems.
Use of passwords to gain access to the computer systems, particular files or messages does not imply that employees should have an expectation of privacy in the material they create or receive on the computer systems.

Suspected policy violation:
All suspected information security violation must be immediately reported to the Dean of Administrative Services or the Technology Director.
Upon receipt of a suspected violation the Dean of Administrative Services and the Technology Director will meet to determine the appropriate action based on this and other related policies.
Failure to report suspected information security violations is a violation itself.

Procedure:
Obtaining access to computer resources:
PTC computer resources:
Novell file server and GroupWise email accounts are created for all PTC employees. The process for creating accounts is as follows:

When a new employee is hired the Dean of Administrative Services will notify the Technology Director of the employee's start date, correct spelling of their name and the name of their immediate supervisor.
The Technology Director will create the new employee's account and create an informational packet for the new employee and deliver it to the new employee's immediate supervisor.
Access to PTC specific applications is managed through the use of groups. Access to these applications will be granted upon receipt of an email requesting access from the employee's immediate supervisor.
Changes to active accounts should be requested via an email to helpdesk from the employee's immediate supervisor. If additional information or approval is required for the change ITS staff will address the issue with the appropriate staff.
Dean of Administrative services will notify the Technology Director of employment status change in a timely manner. The Technology Director will disable system access corresponding to the date of the change. In the case of termination the Dean of Administrative Services will notify the Technology Director prior the employees end of employment and all system access will be disabled.

Access to MAPS, SEMA4 and other Business Office Specific applications are granted based on both PTC and State policies. The process for creating accounts is as follows:

The Dean of Administrative Services manages access requests for Business Office applications.
The Dean of Administrative services will process the security requests with the appropriate party and provide the user with the required account information.
The Dean of Administrative Services will notify the ITS department of the employees application needs via an email to helpdesk. The ITS department will ensure that the application is available to the user on the users workstation.
In the case of an employment status change the Dean of Administrative services will disable system access corresponding to the date of the change. In the case of termination the Dean of Administrative Services will disable system access prior the employees end of employment.

Access to ISRS and the Replicated Database granted based on both PTC and MnSCU policies. The process for creating accounts is as follows:

Access requests for ISRS and the Replicated database are managed departmentally. The supervisor listed below is responsible for approving access and completing and processing the appropriate forms.
V.P. of Academic Affairs, All academic department employees
Dean of Administrative Services, All Business Office employees
Dean of Student Affairs, All student services employees
The complete MnSCU process for requesting ISRS and replicated database access can be found at: http://www.its.mnscu.edu/forms/mnscusecaccess.html
In the case of an employment status change the employee's supervisor as defined above will process the request to disable system access corresponding to the date of the change. In the case of termination the supervisor will process the request to disable system access prior the employees end of employment.

Obtaining access to telecommunication resources:
Long distance telephone access codes:
Telephone access codes will be established for employees utilizing Pine Technical College's telephone system
The creation and deletion of long distance access codes will follow steps 1, 2, 4 and 5 in the section on Novell and GroupWise accounts above.

Voice mail access codes:
Voice mail accounts will be established for employees utilizing Pine Technical College's telephone system.
The creation and deletion of long distance access codes will follow steps 1, 2 and 5 in the section on Novell and GroupWise accounts above.
Although the voice mail system does not require password changes it is recommended that you periodically change your voice mail password.
Changes to voice mail accounts should be requested via an email to helpdesk directly from the employee. If additional information or approval is required for the change ITS staff will address the issue with the appropriate staff.

Other systems requiring access codes:
Copier access codes:
The Business Office administers copier access codes.

Responsibilities:
Technology Director: Create, delete, and assign access codes and login ID's for the Novell network systems, voice mail, long distance access and investigating policy violations.

Dean of Administrative Services: Notify the Technology Director of new hires and employment status changes and terminations, coordinating Business Office application security and MnSCU system security for Business Office staff and investigating policy violations.

Dean of student Affairs: Coordinating MnSCU system security for Student Services staff.

VP of Academic Affairs: Coordinating MnSCU system security for Academic Affairs staff.

ITS Staff: Setup up application access and make changes to accounts as defined above.

Business Office staff: Administration of copier codes.

All faculty and staff are responsible for compliance with the information security policy and reporting suspected policy violations.

Dissemination:

Reviewed by Leadership Team: 09/25/00
Reviewed by Faculty Senate: N/A
Reviewed by:
Approved: 09/25/00