You are here

Information Security Program

Establishing and Maintaining an Information Security Program

Overview

Students have a right to know that their information is being kept in a secure Information Technology environment.

Policy Statement

The Vice President for Information Technology is responsible for establishing and implementing an information security program that contains administrative, technical, and physical safeguards designed to protect campus information assets.

The information security program must implement a risk-based, layered approach that uses preventative, detective, and corrective controls sufficient to provide an acceptable level of information security and must be reviewed at least annually to ensure compliance with industry standards and best practices.

The Information Security Program must:

  • Document roles and responsibilities for the information security program.
  • Provide for the confidentiality, integrity and availability of information, regardless of the medium in which the information asset is held or transmitted (e.g. paper or electronic).
  • Develop risk management strategies to identify and mitigate threats and vulnerabilities.
  • Establish and maintain an information security incident response plan.
  • Maintain ongoing security awareness and training programs.
  • Comply with applicable laws, regulations, and Ohio Christian University policies.

Applicability

This is a university wide policy

Responsibility

Vice President for Information Technology

Contact Information

Ryan Whisler
740-477-7721
rwhisler@ohiochristian.edu


Security of Physical Records

OCU follows the regulations on security of physical student records of the Association of Biblical Higher Education, section 11.C "Academic Patterns and Procedures."  All physical student records are placed under a two key-lock system and all FERPA regulations are followed.