BP 6-10 – Cyber Security Policy

State Board for Community Colleges and Occupational Education

BP 6-10

APPROVED:  May 28, 2020
EFFECTIVE:  May 28, 2020

REFERENCES:  Family Educational Rights and Privacy Act, 20 U.S.C. §1232g, 34 CFR. Part 99
Gramm-Leach-Bliley Act, 15 U.S.C. 6801-6809, 16 CFR. Part 314 C.R.S. § 24-73-101–103, Protection of Personal Identifying Information Act of 2018


/ Rollie Heath /
The Honorable S.R. Heath, Jr., Chair

Policy Statement

In recognition of the Board’s fiduciary responsibility to safeguard the information assets of the System, the Board adopts this Policy to implement Cyber Security Procedures to comply with applicable law and industry best practices.


This Policy applies to employees, faculty, staff, students, instructors, and volunteers at the System Office and its Colleges (CCCS or System) that utilize System data and equipment to perform functions on behalf of the System.


The Board hereby delegates to the System Chancellor the authority to implement Cyber Security procedures to protect the information assets of the System.


The System Chancellor shall promulgate procedures as necessary to implement this policy. These procedures shall assure that legal requirements are met.

Revising this Procedure

The Board reserves the right to change any provision or requirement of this policy at any time and the change shall become effective immediately.