Policy Category | Policy Owner | Version Effective Date | Review Cycle | Policy Contact |
X. Information Governance, Security & Technology | Chief Transformation Officer | October 31, 2023 | Every 2 years | infosec@umgc.edu |
Purpose
The purpose of this policy is to establish information security standards of identification, management, and control of all University of Maryland Global Campus (鈥淯MGC鈥 or 鈥淯niversity鈥) Information Technology Resources that store or transit Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), or other forms of High Risk Data.
Scope and Applicability
This policy applies to all University Information Systems and Information Technology Resources. All Users are responsible for adhering to this policy.
Definitions
Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.
Information System and Communications Protection
Information System Stewards or their designee must adhere to this Policy to ensure active identification, management, and control of all University Information Technology Resources that store or transit Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), and other forms of High Risk Data to include:
Exceptions
Exceptions to this policy should be submitted to Information Security for review and approval. If an exception is requested a compensating control or safeguard should be documented and approved.