Information Security Policies, Procedures, and Operating Instructions
Board Policies
The foundation of information security policy across all units of the Minnesota State Colleges and Universities is defined by the Board of Trustees in Board Policy.
System Procedures
Procedures support the information security policy by providing more detail on how to meet key aspects the policy goals.
Operating Instructions
Operating instructions are approved by the Chancellor or Chancellor's designee responsible for the area (CIO, CFO, CHRO, etc. Operating instructions typically are more prescriptive than Board Policies or system procedures providing explicit direction or guidance on internal forms, processes and other administrative, managerial or technical matters.
Board Policy 5.22 - Acceptable Use of Computers and Information Technology Resources
- System Procedure 5.22.1 - Acceptable Use of Computers and Information Technology Resources
- System Procedure 5.22.2 - Cellular and Other Mobile Computing Devices
Board Policy 5.23 - Security and Privacy of Information Resources
- Operating Instruction 5.23.1.1 - Password Usage and Handling
- Operating Instruction 5.23.1.2 - Encryption for Mobile Computing and Storage Devices
- Operating Instruction 5.23.1.3 - Data Sanitization
- Operating Instruction 5.23.1.4 - Information Security Incident Response
- Operating Instruction 5.23.1.5 - Security Patch Management
- Operating Instruction 5.23.1.6 - Vulnerability Scanning
- Operating Instruction 5.23.1.8 - Anti-malware Installation and Management
- Operating Instruction 5.23.1.10 - Payment Card Industry - Technical Requirements
- Operating Instruction 5.23.1.11 - Data Backup
- Operating Instruction 5.23.1.13 - Breach Notification
- System Procedure 5.23.2 Data Security Classification
- Operating Instruction 5.23.2.1 Data Security Classification
- System Procedure 5.23.3 Information Security Requirements and Controls
- Operating Instruction 5.23.3.1 Information Security Controls