SPEC Kit 360: Learning Analytics
BOSTON COLLEGE
Data Security Policy
http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf

Immediately upon becoming aware of a likely Security Breach, the Director of Computer Policy and Security shall notify the Office of the General Counsel and the Director of Internal Audit. ITS Security and Internal Audit shall conduct an investigation.

The General Counsel shall determine what, if any, actions the University is required to take to comply with applicable law, including whether any notification is required under Massachusetts law. The General Counsel shall work with other administrators as appropriate to ensure that any notifications and other legally required responses are made in a timely manner.

If the event involves a criminal matter, the Boston College Police Department shall be notified and shall coordinate its response with the Office of the General Counsel.

ITS Security and Internal Audit shall investigate and review the incident with the department(s) directly affected by the incident, the appropriate Data Security Officer(s). Internal Audit, in conjunction with the Director of Computer Policy and Security, shall prepare a formal report that will be distributed to the Data Security Committee and appropriate department members immediately after the investigation is finalized.

Quarterly, the Directors of Computer Policy and Security and Internal Audit will present a summary of data security investigations and/or relevant data security updates to the Data Security Committee, who shall conduct a post-incident review of events and determine what, if any, changes should be made to University practices or policies to help prevent similar incidents. The Committee shall document the University’s actions in response to a Security Breach and its post-incident review in the minutes of the meeting in which the breach is discussed.

ENFORCEMENT SANCTIONS

The University reserves the right to monitor network traffic, perform random audits, and to take other steps to insure the integrity of its information and compliance with this policy. Violations of this policy may lead to appropriate disciplinary action, which may include temporary or permanent restrictions on access to certain information or networks. Willful or repeated violations of this policy may result in dismissal from the University.

Approved: William P. Leahy, S.J.
Date: December 31, 2010rev