Data Security Policies

BOSTON COLLEGE
Data Security Policy
http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf

ROLE OF THE DATA SECURITY COMMITTEE

1. The University has established the Data Security Committee to formulate University-wide procedures and guidelines concerning the collection, storage, use and safekeeping of data, to update as necessary this policy, and to direct the responsive actions in the event of any material violation of this policy or any Security Breach.

2. The Data Security Committee shall from time to time consult with representatives of the Data Security Working Group to review the implementation of this policy and compliance with the Computer System Security Requirements and Data Security Directives.

3. The Data Security Committee shall periodically review identifiable risks to the security, confidentiality, and integrity of data, and shall review this policy and the scope of Computer System Security Requirements at least annually to assess its effectiveness and determine whether any changes are warranted.

4. The Data Security Committee is authorized to:
   - Issue Data Security Directives.
   - Promulgate amendments to this policy, including the Computer System Security Requirements.
   - Take actions to ensure compliance with this policy, which may include, without limitation, the commissioning of internal audits and investigations.
   - Take actions in response to violations of this policy or any Security Breach.

ROLE OF THE DIRECTOR OF COMPUTER POLICY AND SECURITY

1. The Director of Computer Policy and Security shall, with input from the Data Security Working Group, identify and assess reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of University data. This identification and risk assessment shall include adopting means for detecting security system failures and monitoring the effectiveness of the Computer System Security Requirements.

2. The Director shall, in conjunction with the Data Security Working Group, oversee the implementation of the Computer System Security Requirements and recommend changes to address risks, failures, or changes to business practices to the Data Security Committee.

3. The Director shall work with other University administrators to investigate any violation of this policy and any incident in which the security or integrity of University data may have been compromised, including taking the steps set forth below in response to a security breach.

4. The Director shall work with other University administrators to develop and review training materials to be used for employee training under this policy.

SECURITY RESPONSIBILITIES

1. It is the policy of the University that all confidential and other sensitive information be safeguarded from unauthorized access, use, modification or destruction. All members of the University community share in the responsibility for protecting the confidentiality and security of data. This section of the policy assigns specific duties to each of the roles of Vice President and Deans, Sponsors, Data Security Officers, Users, and the Vice President for Human Resources. However, it is likely that an individual will have responsibilities reflecting multiple roles with respect to certain information.

2. Vice Presidents and Deans. University Vice Presidents and Deans (including the University President, and the University Provost and Dean of Faculties in connection with their immediate staff) are responsible for promoting the institutional awareness of this policy and for ensuring overall compliance with it by their staff. In particular, Vice Presidents and Deans are responsible for: