Governance
Shared governance is a strong tradition in higher education. CWU exemplifies this in our core values by stating that our institution is "a place where people gather to live and to work. It must therefore be a place that enables people to grow and to prosper. In keeping with the academic values of shared governance and reasoned dialog, the university must be open, transparent, and empowering" (CWU, 2021).
In support of this commitment to shared governance, the CWU information security program leverages input from governance groups, with the understanding that information security needs to be part of the University’s strategic planning process. These governance groups represent the wide range of constituents who are impacted by information security and privacy needs. This includes leaders from business units, academic colleges, technology support departments, and various compliance functions.
Data Governance Framework
The PeopleSoft Security and Governance Framework provides information on the governance structure as it pertains to PeopleSoft.
Policies and Guidance
Central Washington University Security Services department is responsible for coordinating the development and dissemination of information security policies, standards, and guidelines for the institution. Security Services is also responsible for coordinating various regulatory compliance efforts as they relate to information technology systems.
Policy Framework
The following policies and procedures were approved on June 4th, 2014 by the University Policy Advisory Committee (UPAC). They are intended to serve as the foundational governance framework for future policies, procedures, and guidelines.
- Policies
- 2-70-010 Information Security and Privacy Roles and Responsibilities
- 2-70-020 Data Classification and Usage Policy
- 2-70-030 Information Security and Privacy Incident Management Policy
- 2-70-040 Payment Card Policy
- 2-70-050 Information Security Controls
- 2-70-080 Identity and Access Management Framework
- Procedures
- Standards
- Regulatory Reference
- Washington State RCW 43.41A.027 - Security Standards and Policies
- Washington State RCW 19.255.010 - Disclosure, Notice - Definitions - Rights, Remedies
- Washington State RCW 42.56.420 - Security
- Washington State OCIO Policy No. 141 - Securing Information Technology Assets
- Washington State OCIO Policy No. 141.10 - Securing Information Technology Assets Standards
- PCI Security Standards Council
- Family Educational Rights and Privacy Act 34 CFR Part 99 (FERPA)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
This page contains links to websites outside of www.cwu.edu. The views and opinions expressed on unofficial pages of Central Washington University faculty, staff or students are strictly those of the page authors. The content of such pages has not been reviewed or approved by Central Washington University.