|Definition:||The President (or designee) shall establish and implement an information security program that contains technical and physical safeguards designed to protect the confidentiality, integrity and availability of campus information assets. The intent of the program is to ensure compliance with relevant California State University policy and standards, privacy practices, and federal, state and local laws.|
|Authority:||Government Code 8314; California State University Information Security Policy, Aug. 2002.|
|Scope:||Applies to all areas of the University in accordance with the CSU-Wide Information Security Policy.|
|Responsible Division:||Academic Affairs|
|Signature Page/PDF:||View Signatures for Information Security Policy|
|A. Information Security Program
|1. The CSUSM Information Security Program incorporates by reference the CSU-Wide Information Security Policy and Standards. The Information Security Program is composed of campus policies and procedures along with Instructional & Information Technology Services (IITS) practices as required to implement the CSU-Wide Information Security Policy and comply with applicable federal, state and local laws.
|B. Information Security Officer (ISO)|
|1. The Information Security Officer is responsible for establishing and maintaining an information security program that contains administrative, technical and physical safeguards designed to protect campus assets.|
|C. Information Security Steering Committee (ISSC)|
|1. The Information Security Steering Committee reviews and approves information security procedures, plans and guidelines that affect campus organizations.
2. Members of the ISSC include the campus Chief Information Officer, Information Security and at least two members of campus management.
|D. Information Management Steering Committee (IMSC)|
|1. The IMSC advises the President and Executive Council on matters of information management, information systems and technology.
2. IMSC membership includes the Provost, Vice Presidents for Finance and Administrative Services, Student Affairs and University Advancement along with the Chief Information Officer and the Director of the IT Project Management Office. It is chaired by the Chief of Staff.
3. The IMSC will serve as the advisory body for information security matters that cannot be administratively resolved by the ISO and ISSC.