Security Services

Governance and Polices

Shared governance is a strong tradition in higher education.  CWU exemplifies this in our core values by stating that our institution is "a place where people gather to live and to work. It must therefore be a place that enables people to grow and to prosper. In keeping with the academic values of shared governance and reasoned dialog, the university must be open, transparent, and empowering."

In support of this commitment to shared governance, the CWU information security program leverages input from governance groups, with the understanding that information security needs to be part of the University’s strategic planning process. These governance groups represent the wide range of constituents who are impacted by information security and privacy needs. This includes leaders from business units, academic colleges, technology support departments, and various compliance functions.

Policy Framework

The following policies and procedures were approved on June 4th, 2014 by the University Policy Advisory Committee (UPAC). They are intended to serve as the foundational governance framework for future policies, procedures, and guidelines.

Polices

Central Washington University Security Services department is responsible for coordinating the development and dissemination of information security policies, standards, and guidelines for the institution. Security Services is also responsible for coordinating various regulatory compliance efforts as they relate to information technology systems.

2-70-010   Information Security and Privacy Roles and Responsibilities
2-70-020   Data Classification and Usage Policy
2-70-030   Information Security and Privacy Incident Management Policy
2-70-040   Payment Card Policy
2-70-050   Information Security Controls

Procedures 

7-70-010 Information Security and Privacy Management Procedure
7-70-050 Payment Card Procedures

Regulatory Reference

Washington State RCW 43.41A.027 - Security Standards and Policies
Washington State RCW 19.255.010 - Disclosure, Notice - Definitions - Rights, Remedies
Washington State RCW 42.56.420 - Security
Washington State OCIO Policy No. 141 - Securing Information Technology Assets
Washington State OCIO Policy No. 141.10 - Securing Information Technology Assets Standards
PCI Security Standards Council
Family Educational Rights and Privacy Act 34 CFR Part 99 (FERPA)
Health Insurance Portability and Accountability Act of 1996 (HIPAA)