Policies, Regulations, Standards, Best Practices, and Procedures
º£½ÇÉçÇø’s information technology resources are subject to the district’s Board Policies, Administrative Procedures, Information Security Standards, Best Practices, and IT Procedures as well as all applicable Federal, State, and local laws.
Information Standards, Best Practices, and Procedures build one upon the other to create an integrated approach to managing the requirements set forth in Board Policy and Administrative Procedures.
Users of District information resources found to have violated Administrative Procedures may be subject to disciplinary action (AP 3720 – Computer and Network Use).
The following documents are posted for ease of reference.
Board Policy and Administrative Procedures
- BP 3720 - Computer and Network User
- AP 3720 – Computer and Network Use
- AP 3725 - Accessibility of Information and Communication Technology (ICT)
- AP 5800 - Prevention of Identify Theft in Student Financial Transactions
- AP 5040 - Student Records, Directory Information, and Privacy
Information Security Standards (ISS)
Designed to support and enforce Administrative Procedures, Standards are baseline directives that can be linked directly to industry-recognized security frameworks.
- California Community College Information Security Standard
- Data Classification Standard
- Information Security Plan
- Access Control
- Disaster Recovery
- Incident Response
- Security Awareness Training
- Vulnerability Management
Information Security Best Practices (ISBP)
Designed to augment Standards, Best Practices are industry-recognized methods and techniques that produce superior results to commonly accepted alternatives.
- Multi-Factor Authentication
- OneDrive: Managing Files, Folders, and Shares
- Passwords and Passphrases
- Working Remotely
Information Security Procedures (ISPR)
Procedures are the formal methods by which Procedures, Standards, or Best Practices are conducted.
- Accessibility Assessment for Information and Communication Technology (ICT)
- Disposal, Donation, and Transfer of Computer Equipment
- Incident Reporting
- Remediating PII in OneDrive
- Remediating PII in Outlook
- Requests for Information and Communication Technology (ICT)
- Sharing Files and Folders in OneDrive
- Vendor Risk Management
Compliance and Privacy
- The California Consumer Privacy Act (CCPA)
- The Gramm-Leach-Bliley Act (GLBA)
- The Family Education Rights and Privacy Act (FERPA)
Exceptions
Exceptions to information security requisites (procedures, standards, etc.) shall be granted only when (1) such a requirement imposes an undue burden on a specific business process, and (2) compensating controls of equitable protection can be provided.