SP 6-10a
APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021
REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy; Board Policy (BP) 3-125; Electronic Communication Policy; System Procedure (SP) 6-10b Access and Authentication; System Procedure (SP) 6-10s, Remote Access
APPROVED:
/ Joe Garcia /
Joseph A. Garcia
Chancellor
This procedure documents the acceptable use of Information Assets at the Colorado Community College System and its Colleges (“CCCS”) and is implemented to protect CCCS’s faculty, staff, students, partners and the institution from internal and external exposures, illegal or harmful actions including compromise of systems and services, legal issues, financial loss, and damage to reputation by individuals, either knowingly or unknowingly.
On an annual basis, employees shall be required to read and sign the Acceptable Use of Information Assets Agreement that indicates their understanding and acceptance of this procedure.
This procedure applies to employees, personnel affiliated via third party contracts, and volunteers that have access to Information Systems and Assets that are owned or leased by CCCS.
Information Asset
An information asset is a body of CCCS information, defined and managed as a single unit so that it can be understood, shared, protected and used effectively. Information assets have recognizable and manageable content, value, risk, and lifecycles. Information assets also include Information Systems and non-digital or physical assets which contain CCCS Information.
Information System
An information system is a discrete set of CCCS resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. An information system does include CCCS data.
Incident
An incident is an event that, as assessed by the System Information Technology (“IT”) Department (“System IT”), the College IT Department (“College IT”) or System Vice-Chancellor for Information Technology, violates the Acceptable Use of Information Assets System Procedure; violates another CCCS procedure, standard, or code of conduct; or threatens the confidentiality, integrity, or availability of Information Systems or Assets. If there is a difference of opinion, the System Vice Chancellor for Information Technology shall make the final determination of a CCCS breach.
The System Chancellor delegates to the System Vice Chancellor for Information Technology responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.
Faculty/Staff/Instructors/Volunteers/Student Workers (“Users”)
Non-Compliance
CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.