CCC's IT Security Policies set standards for protecting digital assets and data. These rules apply to all college faculty, staff, and student users and ensure data security while meeting legal requirements like FERPA. They create a safe digital environment through proper access controls and security protocols that minimize cybersecurity risks.
This policy ensures regulatory compliance in the classification and control of critical data.
This policy supports an environment where users of Clackamas Community College Electronic Information Resources receive customized privileges, ensuring they access only the data necessary for their duties. This follows the security principle of "least access" or "least privilege."
This policy requires password rules that meet legal and regulatory requirements while keeping passwords usable and avoiding undue burden on the staff members who provide technical assistance to users and students with password changes.
This policy establishes security measures for shared devices and accounts at Clackamas Community College to protect sensitive data and ensure accountability. It mandates controls for data removal, secure credential storage, and password changes upon staff departure, with exceptions requiring CIO approval.
This policy outlines Clackamas Community College’s data retention and disposal requirements, ensuring compliance with legal and regulatory mandates while minimizing security risks. It establishes procedures for securely storing, archiving, and disposing of controlled sensitive data, with exemptions and exceptions requiring leadership or CIO approval.
This policy outlines the requirements for safeguarding controlled sensitive data stored on electronic and hardcopy media, ensuring secure handling, storage, and disposal. It mandates encryption, labeling, physical security, and strict disposal procedures while aligning with applicable laws and regulations.
This policy ensures that all computing devices within Clackamas Community College networks are maintained with the latest security configurations, patches, and best practices. It outlines compliance requirements, security assessments, and remote access controls to mitigate vulnerabilities and align with regulatory standards.
This policy outlines the requirements for secure and recoverable data backups at Clackamas Community College, ensuring business continuity and compliance with legal and regulatory standards. It establishes backup schedules, retention periods, storage security, and cloud data management practices to mitigate risks of data loss and operational disruptions.
This policy establishes secure software development standards for Clackamas Community College ITS staff, ensuring adherence to industry best practices, separation of environments, and rigorous security controls throughout the software development lifecycle. It mandates code reviews, security testing, and compliance with OWASP guidelines while defining protocols for automation utilities and exceptions.
This policy ensures accurate inventory management of Electronic Information Resources at Clackamas Community College to prevent security vulnerabilities and unauthorized systems. It outlines inventory requirements, tracking procedures, and compliance measures for maintaining resource accountability.
This policy outlines CCC’s guidelines for the appropriate use of ITS resources, prohibiting unauthorized access, malicious activities, and interference with network operations to protect system integrity and data security. It applies to all employees, students, and affiliates, with exemptions for authorized ITS staff and exceptions requiring CIO approval.
This policy outlines Clackamas Community College's commitment to information security by ensuring compliance, protecting users and data, and maintaining the integrity and availability of IT resources. It establishes security as a shared responsibility while minimizing risks and disruptions to the academic mission.
This security policy outlines the key regulatory and compliance standards governing data protection, privacy, and cybersecurity. It provides references to federal, state, and industry regulations to ensure institutional compliance and safeguard sensitive information.
Policy 002 defines the overarching scope of Clackamas Community College’s cybersecurity policies, applying to all users, systems, and data unless otherwise specified. All related terminology and definitions have been consolidated into Policy 005 for consistency and ease of reference.
This policy outlines the requirements for acceptable use of Clackamas Community College’s electronic information resources, specifying compliance expectations, enforcement authority, potential violations, and consequences for non-compliance. It also clarifies that failure to enforce a policy does not waive future violations.
This policy outlines the procedures for reporting security and non-security violations at Clackamas Community College and emphasizes compliance with federal regulations, including HIPAA, GLBA, FERPA, and PCI-DSS. It also highlights the importance of safeguarding sensitive information and the consequences of non-compliance.
This policy defines key security policies and terminology governing the acceptable use, management, and protection of technological resources at Clackamas Community College (CCC). It ensures compliance with legal, regulatory, and institutional requirements while supporting a secure and efficient technology environment.
This policy establishes a Change Review Board (CRB) and a Change Management Process (CMP) to ensure that all modifications to Clackamas Community College's production environment are reviewed, assessed for risks, and properly authorized before implementation. It outlines procedures for approval, back-out planning, and security validation while requiring CIO approval for any exceptions.
This policy outlines the firewall security measures at Clackamas Community College, detailing configuration, maintenance, and access control to safeguard the network against external threats. It establishes strict procedures for managing connectivity, reviewing firewall rules, implementing security controls, and handling exemptions or exceptions.
Policy 107 establishes Clackamas Community College’s anti-malware strategy, ensuring all ITS resources are protected by approved software, regularly updated, and centrally managed. It mandates real-time alerts, log retention, and strict access controls to mitigate malware threats effectively.
This policy establishes encryption standards for Clackamas Community College to protect sensitive data at rest and in transit. It mandates the use of industry-recommended encryption protocols, secure key management, and email and wireless encryption, with exceptions requiring CIO approval.
This policy strictly prohibits unauthorized personal network devices on Clackamas Community College’s network to prevent security risks and disruptions. Any approved Network Extension Devices (NEDs) require explicit authorization, compliance with IT standards, and documented justification.
This policy outlines Clackamas Community College's incident response framework, ensuring swift and effective resolution of security incidents. It details roles, responsibilities, reporting procedures, and severity classifications, incorporating industry best practices while allowing for periodic review and improvement.
This policy defines security controls for physical access to Electronic Information Resources at Clackamas Community College, categorizing spaces and enforcing measures to mitigate risks. It ensures appropriate access management across public, classroom, private, and restricted areas while maintaining compliance with institutional security standards.
This policy establishes a structured framework for managing information security risks at Clackamas Community College, ensuring compliance with laws, adherence to industry best practices, and alignment with the institution's mission. The CIO is responsible for implementing a risk management program that mitigates threats, supports disaster recovery, and maintains acceptable risk tolerance levels.
This policy outlines Clackamas Community College’s requirements for cloud service usage, ensuring data security through risk assessments, contractual agreements, and compliance monitoring. It establishes guidelines for cloud service agreements, shared hosting environments, and vendor risk assessments to protect sensitive data.
Policy 117 establishes guidelines for Sandbox Environments at Clackamas Community College, allowing faculty to create isolated teaching environments for IT-related instruction while ensuring security controls and compliance with regulations. These environments are restricted to approved users, subject to audits, and exempt from broader security policies, with exceptions requiring CIO approval.
This policy ensures Clackamas Community College complies with PCI-DSS standards by securing payment card data, restricting access, prohibiting data storage, enforcing employee training, and monitoring networks for vulnerabilities. It mandates strict security controls, with exceptions requiring CIO approval.
This policy outlines guidelines for the responsible use of CCC Technological Resources, ensuring compliance with laws, protecting sensitive data, and maintaining resource security and accessibility. It applies to all staff and provides detailed regulations on general use, accounts, computing devices, network access, electronic communications, and data management, with violations subject to disciplinary action.
This policy establishes guidelines for the responsible and secure use of Clackamas Community College’s Electronic Information Resources by students. It defines expectations, restrictions, and potential consequences for misuse to ensure a safe, lawful, and productive academic environment.