Number: 8000.0 Revised: October 27, 2016
These information security policies augment the latest version of the CSU Information Security Policy previously adopted by CSU East Bay, but neither supplant nor diminish that policy. The intent of these supplemental policies is to protect the campus from the risks associated with information security breaches, while at the same time maintaining campus access to essential information technology functions and services. The application of these policies should therefore consistently consider how required information security controls can be implemented with minimal effect on user services. Whenever feasible, user input and collaboration should be obtained prior to the application of these policies to specific information security incidents.
These supplemental policies have the same scope as cited in the Integrated CSU Administrative Manual, Information Security Policy scope statement. This supplemental policy adds delegation to the Information Security Officer and Chief Information Officer, under the authority of the President, of all needed authority for evaluation, enforcement and implementation of all information security policies and practices campus-wide. The specific aspects of this delegated authority are delineated below. It is the responsibility of campus executive management to execute the obligations required by this policy as well as its Standards, Processes, and Guidelines.
These policies and their attachments delineate the specific practices and procedures required to manage campus-wide information security risk at CSU East Bay. Any risk acceptance or exceptions or non-compliance related to such information security policies and practice must be reviewed, documented and approved only through the campus Risk Acceptance and Exception Process.
Contact us - If you have any questions regarding privacy while using the App, or have questions about our practices, please contact us at the following email address: firstname.lastname@example.org