Learning Analytics, SPEC Kit 360

Perry, Michael R.; Briney, Kristin A.; Goben, Abigail; Asher, Andrew; Jones, Kyle M. L.; Robertshaw, M. Brooke; Salo, Dorothea

111 SPEC Kit 360: Learning Analytics BOSTON COLLEGE Data Security Policy http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf  Ensuring that all staff have the training and support necessary to protect data in accordance with this policy, all Data Security Directives, and any Specific Security Procedures applicable to such data.  Designating and managing the efforts of one or more Sponsors and Data Security Officers for all Information Resources maintained in their area of responsibility.  Approving access authorization of all Users of Information Resources maintained in their area of responsibility having a data classification of Confidential.  Promulgating Specific Security Procedures.  Ensuring that Confidential or Internal Use Only data sponsored within their area of responsibility are not provided or accessible to, or created or maintained by University vendors or other third-parties without (i) assistance from the Director of Computer Policy and Security and the Director of Internal Audit, verifying that the third party has the capability of adequately protecting such data (ii) review and approval of the relevant contract and the underlying terms and specifications by the Director of Computer Policy and Security and the Office of the General Counsel and (iii) unless approved otherwise by the Office of the General Counsel, verifying that the third party has executed the University’s standard form of Privacy and Security Addendum. 3. Sponsors. A Sponsor has primary responsibility for overseeing the collection, storage, use and security of a particular Information Resource. In cases where a Sponsor is not identified for any Information Resource, the cognizant Vice President or Dean shall be deemed the Sponsor. A Sponsor is responsible for the following specific tasks associated with the security of the information:  Ensuring that the Information Resource is assigned a security classification and that such data is marked where appropriate.  Identifying authorized Users of the Information Resource, whether by individual identification of by job title, and obtaining approval for such access from their Vice President or Dean.  Proposing to their Vice President or Dean Specific Security Procedures for the handling of data under their sponsorship, consistent with this policy and other applicable University policies and procedures. 4 Data Security Officers. A Data Security Officer works with Information Technology and other appropriate University functions under the direction of a Vice President or Dean and in consultation with a Sponsor, to support the implementation and monitoring of security measures associated with the management of Information Resources. Data Security Officers shall be responsible for:  Ensuring adequate security technology is applied to Information Resources in keeping with their classification and to comply with this policy and all Data Security Directives, and Specific Security Procedures.  Monitoring for indicators of loss of integrity.  Promptly reporting to the Director of Computer Policy and Security any incidents of data being accessed or compromised by unauthorized Users, and any violations of this policy, Data Security Directives or Specific Security Procedures.  Monitoring for risks to data security and reporting any known or reasonably foreseeable risks to the Data Security Working Group.

Previous Page Next Page

SPEC Kit 360: Learning Analytics (September 2018) resources

Free Attachments

Follow Link Learning-Analytics-SPEC-Kit-360.pdf

Extracted Text (may have errors)

111 SPEC Kit 360: Learning Analytics BOSTON COLLEGE Data Security Policy http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf  Ensuring that all staff have the training and support necessary to protect data in accordance with this policy, all Data Security Directives, and any Specific Security Procedures applicable to such data.  Designating and managing the efforts of one or more Sponsors and Data Security Officers for all Information Resources maintained in their area of responsibility.  Approving access authorization of all Users of Information Resources maintained in their area of responsibility having a data classification of Confidential.  Promulgating Specific Security Procedures.  Ensuring that Confidential or Internal Use Only data sponsored within their area of responsibility are not provided or accessible to, or created or maintained by University vendors or other third-parties without (i) assistance from the Director of Computer Policy and Security and the Director of Internal Audit, verifying that the third party has the capability of adequately protecting such data (ii) review and approval of the relevant contract and the underlying terms and specifications by the Director of Computer Policy and Security and the Office of the General Counsel and (iii) unless approved otherwise by the Office of the General Counsel, verifying that the third party has executed the University’s standard form of Privacy and Security Addendum. 3. Sponsors. A Sponsor has primary responsibility for overseeing the collection, storage, use and security of a particular Information Resource. In cases where a Sponsor is not identified for any Information Resource, the cognizant Vice President or Dean shall be deemed the Sponsor. A Sponsor is responsible for the following specific tasks associated with the security of the information:  Ensuring that the Information Resource is assigned a security classification and that such data is marked where appropriate.  Identifying authorized Users of the Information Resource, whether by individual identification of by job title, and obtaining approval for such access from their Vice President or Dean.  Proposing to their Vice President or Dean Specific Security Procedures for the handling of data under their sponsorship, consistent with this policy and other applicable University policies and procedures. 4 Data Security Officers. A Data Security Officer works with Information Technology and other appropriate University functions under the direction of a Vice President or Dean and in consultation with a Sponsor, to support the implementation and monitoring of security measures associated with the management of Information Resources. Data Security Officers shall be responsible for:  Ensuring adequate security technology is applied to Information Resources in keeping with their classification and to comply with this policy and all Data Security Directives, and Specific Security Procedures.  Monitoring for indicators of loss of integrity.  Promptly reporting to the Director of Computer Policy and Security any incidents of data being accessed or compromised by unauthorized Users, and any violations of this policy, Data Security Directives or Specific Security Procedures.  Monitoring for risks to data security and reporting any known or reasonably foreseeable risks to the Data Security Working Group.

Help

110 Data Security Policies BOSTON COLLEGE Data Security Policy http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf ROLE OF THE DATA SECURITY COMMITTEE 1. The University has established the Data Security Committee to formulate University-wide procedures and guidelines concerning the collection, storage, use and safekeeping of data, to update as necessary this policy, and to direct the responsive actions in the event of any material violation of this policy or any Security Breach. 2. The Data Security Committee shall from time to time consult with representatives of the Data Security Working Group to review the implementation of this policy and compliance with the Computer System Security Requirements and Data Security Directives. 3. The Data Security Committee shall periodically review identifiable risks to the security, confidentiality, and integrity of data, and shall review this policy and the scope of Computer System Security Requirements at least annually to assess its effectiveness and determine whether any changes are warranted. 4. The Data Security Committee is authorized to:  Issue Data Security Directives.  Promulgate amendments to this policy, including the Computer System Security Requirements.  Take actions to ensure compliance with this policy, which may include, without limitation, the commissioning of internal audits and investigations.  Take actions in response to violations of this policy or any Security Breach. ROLE OF THE DIRECTOR OF COMPUTR POLICY AND SECURITY 1. The Director of Computer Policy and Security shall, with input from the Data Security Working Group, identify and assess reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of University data. This identification and risk assessment shall include adopting means for detecting security system failures and monitoring the effectiveness of the Computer System Security Requirements. 2. The Director shall, in conjunction with the Data Security Working Group, oversee the implementation of the Computer System Security Requirements and recommend changes to address risks, failures, or changes to business practices to the Data Security Committee. 3. The Director shall work with other University administrators to investigate any violation of this policy and any incident in which the security or integrity of University data may have been compromised, including taking the steps set forth below in response to a security breach. 4. The Director shall work with other University administrators to develop and review training materials to be used for employee training under this policy. SECURITY RESPONSIBILITIES 1. It is the policy of the University that all confidential and other sensitive information be safeguarded from unauthorized access, use, modification or destruction. All members of the University community share in the responsibility for protecting the confidentiality and security of data. This section of the policy assigns specific duties to each of the roles of Vice President and Deans, Sponsors, Data Security Officers, Users, and the Vice President for Human Resources. However, it is likely that an individual will have responsibilities reflecting multiple roles with respect to certain information. 2. Vice Presidents and Deans. University Vice Presidents and Deans (including the University President, and the University Provost and Dean of Faculties in connection with their immediate staff) are responsible for promoting the institutional awareness of this policy and for ensuring overall compliance with it by their staff. In particular, Vice Presidents and Deans are responsible for:

Previous Page Next Page

SPEC Kit 360: Learning Analytics (September 2018) resources

112 Data Security Policies BOSTON COLLEGE Data Security Policy http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf 5. Users. Users are responsible for complying with all security-related procedures pertaining to any Information Resource to which they have authorized access or any information derived therefrom that they possess. Specifically, a User is responsible for:  Becoming familiar with and complying with all relevant University policies, including, without limitation, this policy, and all Data Security Directives contemplated hereby, the policy on Professional Standards and Business Conduct, and other policies related to data protection, technology use and privacy rights (including the University Student Education Records).  Providing appropriate physical security for information technology equipment, storage media, and physical data. Such equipment and files shall not be left unattended without being locked or otherwise protected such that unauthorized Users cannot obtain physical access to the data or the device(s) storing the data.  Ensuring that Confidential or Internal Use Only information is not distributed or accessible to unauthorized persons. Users must not share their authorization passwords under any circumstances. Users must avail themselves of any security measures, such as encryption technology, security updates or patches, provided by Data Security Officers. Users must log off from all applications, computers and networks, and physically secure printed material, when not in use.  To the extent possible, making sure that any Massachusetts PI accessed by the User is stored only on secure servers maintained by the University and not on local machines, unsecure servers, or portable devices.  Boston College Confidential or Internal Use Only data, when removed from the campus or when accessed from off-campus, is subject to the same rules as would apply were the data on campus. Sponsors and Users will comply with this Policy and all relevant Data Security Directives irrespective of where the Boston College data might be located, including, for example, on home devices, mobile devices, on the Internet, or other third-party service providers.  When access to information is no longer required by a User, disposing of it in a manner to insure against unauthorized interception of any Confidential or Internal Use Only information. Generally, paper-based duplicate copies of Confidential documents should be properly shredded, and electronic data taken from Confidential databases should be destroyed.  Immediately notifying his or her cognizant Data Security Officer of any incident that may cause a security breach or violation of this policy. 6. Vice President for Human Resources. The Vice President for Human Resources shall be responsible for:  Working with the Data Security Working Group to educate incoming employees (including temporary and contract employees) regarding their obligations under this policy and to provide on-going employee training regarding data security  Ensuring that terminated employees no longer have access to University systems that permit access to Confidential or Internal Use Only information and  Carrying out any disciplinary measures against an employee taken in response to a violation of this policy as required by the Data Security Committee. SECURITY BREACH RESPONSE As provided above, Users and Data Security Officers must report any known Security Breach or any incident that is likely to cause a Security Breach. These incidents include thefts of computer devises, viruses, worms, or computer “attacks” that may lead to unauthorized access to confidential information.

Previous Page Next Page

Page 1Survey Results click to expand contents

Page 42Representative Documents click to expand contents

Page 43Library Privacy Statements and Policies click to expand contents

Page 77Institution Privacy Policies click to expand contents

Page 106Data Security Policies click to expand contents

Page 145Selected Resources click to expand contents

SPEC Kit 360: Learning Analytics (September 2018) resources

All section downloads (PDF) click to expand contents

Free Attachments

Extracted Text (may have errors)

Help

loading

SPEC Kit 360: Learning Analytics (September 2018) resources

SPEC Kit 360: Learning Analytics (September 2018) resources