Computing Policies

The Office of Information Technology manages several University policies, standards, and guidelines.

Acceptable Use
The purpose of this policy is to establish minimum criteria for acceptable use of information systems.

Access Management
The purpose of this policy is to mandate requirements for access management controls across the technological environment. This policy will aid in managing access to its information systems.

Cloud Security
This policy describes secure practices for use of cloud software and storage services. It also highlights security risks introduced by storing sensitive data in the cloud and mandates the protection of data stored by Cloud Service Providers with appropriate technological controls.

Data Classification
The purpose of this policy is to define the risk-based approach for the categorization of data assets. This policy describes categories to which all of the data types should be mapped to help protect data in a consistent and appropriate manner.

Data Protection
This Data Protection Policy mandates proper protections around the access, transmission, and storage of data. This policy requires protection of data at-rest and in-transit with appropriate security measures, in order to support adherence to legal and regulatory data protection obligations.

Electronic Communications
The purpose of this policy is to outline appropriate use of electronic communication resources. This policy also strives to support the Office of Information Technology in maintaining a safe and welcoming environment by defining unacceptable forms of electronic communications.

Incident Response
The purpose of the Incident Response Policy is to mandate Incident Response activities. Incident Response activities must be driven by a framework to respond quickly, decisively, and appropriately to an incident.

Policy Lifecycle and Governance
The Policy Lifecycle and Governance Policy is the institutional policy that creates the management framework for all polices created, modified, or archived.

Risk Management
The purpose of this policy is to address organizational risk through Risk Management activities. Risk Management identifies, tracks, and reports on all security risks.

Security Governance
The purpose of the Security Governance Policy is to define a model for security decision-making, specifically by escalating all major security decisions to the Cyber Security Committee. This Policy will describe the responsibilities of the Cyber Security Committee and outline how it interacts with executive management to guide the security program as a whole.

Threat and Vulnerability Management
The purpose of this policy is to establish guidance around Threat and Vulnerability activities. This policy outlines requirements for identification, assessment, and mitigation of threats to systems, and vulnerabilities within those systems. This document mandates the operational procedures required, including vulnerability scanning and assessment, patch management, and threat intelligence gathering.

Loaner Notebook Computer
The purpose of this policy is to define the method and process of properly loaning computers to faculty, staff, and students of St. George’s University, Grenada.