The Augustana College Written Information Security Policy (“WISP”) is intended as a set of comprehensive guidelines and policies designed to safeguard confidential and restricted data maintained at the College, and to comply with applicable laws and regulations on the protection of Personal Information and Nonpublic Financial Information, as those terms are defined below, found in records and in systems owned by the College.
This written information security program (WISP) was implemented to comply with regulations issued by the State of Illinois and by the Federal Trade Commission [16 CFR Part 314]; with our obligations under the financial customer information security provisions of the federal Gramm-Leach-Bliley Act (“GLB”) [15 USC 6801(b) and 6805(b)(2)]; and with the European General Data Protection Regulation, as applicable.
In accordance with these federal, state, and international laws and regulations, Augustana College is required to take measures to safeguard personally identifiable information, including financial information, and to provide notice about security breaches of protected information at the college to affected individuals and appropriate state agencies.
Augustana College is committed to protecting the confidentiality of all sensitive data that it maintains, including information about individuals who work or study at the College. Augustana College has implemented a number of policies to protect such information, and the WISP should be read in conjunction with these policies that are cross-referenced at the end of this document.
The purposes of this document are to:
This Program applies to all Augustana College employees, whether full- or part-time, including faculty, administrative staff, contract and temporary workers, hired consultants, interns, and student employees, as well as to all other members of the Augustana College community (hereafter referred to as the “Community”). This Program also applies to certain contracted third-party vendors (see section 4.6 for further information). The data covered by this Program includes any information stored, transported, accessed or collected at the College or for College operations. The WISP is not intended to supersede any existing Augustana College policy that contains more specific requirements for processing and safeguarding certain types of data. If such a policy exists and is in conflict with the requirements of the WISP, the other policy may take precedence.
Augustana Community: The collection of students, employees, alumnae, volunteers, business partners, and organizations who access, collect, extract, transport, store, analyze, view, and manage data on behalf of Augustana College.
Data: For the purposes of this document, data refers to information stored, transported, accessed, provisioned, derived from, recorded or otherwise collected for the College about members of the College community.
Personal Information: Personal Information (“PI”) is the first name and last name or first initial and last name of a person in combination with any one or more of the following:
All data covered by this Program should be classified into one of three categories outlined below, based on the level of security required for each, starting with the highest level.
Information Technology Services: ITS staff shall be responsible for all data stored centrally on the College’s servers and administrative systems, and are responsible for the security of such data. For distributed data stored on departmental servers, the department head or their designee shall be responsible, and ITS and the department share joint responsibility for securing the data under the direction of the College’s designated data security coordinator.
Department Leaders: Department heads will alert Human Resources and Information Technology Services at the conclusion of a contract for individuals that are not considered Augustana employees in order to terminate access to their Augustana College network and service accounts.
The Augustana community: The campus community shares responsibility for maintaining the privacy and integrity of all Confidential, Restricted, or Public data as defined above, and must protect the data from unauthorized use, access, disclosure or alteration. All members of the Augustana community are required to access, store and maintain records containing Confidential, Restricted, or Public data in compliance with this Program.
Augustana College recognizes that it has both internal and external risks to the privacy and integrity of College information. These risks include, but are not limited to:
Augustana College recognizes that this may not be a complete list of the risks associated with the protection of Confidential or Restricted data. Since technology is not static, new risks are created regularly. Accordingly, ITS will work with and monitor advisory groups such as the EDUCAUSE Security Institute, the SANS Institute, and the National Institute of Science and Technology, as well as other resources known for identification and mitigation of cyber risk.
To protect College data classified as Confidential, the following procedures and guidelines have been developed that relate to access, storage, transportation and destruction of records.
Access & Storage
Transporting Confidential Data
Destruction of Confidential Data
Traveling Abroad with Students’ Personal Information
In order to protect College data, all members of the Community must select unique passwords following these guidelines:
Augustana College exercises appropriate diligence in selecting service providers capable of maintaining appropriate security safeguards for PI provided by the College to them. The primary budget holder for each department is responsible for identifying those third parties providing services to the College that have access to PI. All relevant contracts with these third parties are reviewed and approved by the Augustana College Purchasing Department, General Counsel and Chief Information Officer to ensure the contracts contain the necessary language regarding safeguarding PI. It is the responsibility of the primary budget holders to confirm that the third parties are required to maintain appropriate security measures to protect PI consistent with applicable laws and regulations.
Technology Support Services staff monitor and assess safeguards on an ongoing basis to determine when enhancements are required. The College has implemented the following to combat external risk and secure the College network and systems containing Confidential Data:
All employees are required to complete the online security training on an annual basis. Any faculty, student or contract employee that has access to PI is also required to complete this yearly training.
Any incident of possible or actual unauthorized access to or disclosure, misuse, alteration, destruction, or other compromise of PI, or of a breach or attempted breach of the information safeguards adopted under this Program, must be reported immediately to the CIO. The CIO will contact the Data Incident Response Team who will convene a meeting and develop an appropriate response plan as soon as possible. The Data Incident Response Team is responsible for coordinating appropriate actions in their response to the breach. The Incident Team will document all breaches and subsequent responsive actions taken. All related documentation will be stored in the Business Office vault.
For more information about incident response, including specific procedures for responding to a breach, see the Augustana Incidence Response Plan.
Any employee or student who willfully accesses, discloses, misuses, alters, destroys, or otherwise compromises Confidential or Restricted data without authorization, or who fails to comply with this Program in any other respect, will be subject to disciplinary action, which may include termination in the case of employees and expulsion in the case of students.
The following Augustana College policies provide advice and guidance that relates to this Program:
This Written Information Security Program was implemented 4/22/2021.
The College will review this Program at least annually and reserves the right to change, modify, or otherwise alter this Program at its sole discretion and at any time as it deems circumstances warrant.