Information Technology Services – Dr. Baz Abouelenein, Chief Information Officer
Last Revised: 06/11/19
Title: IT Security Policy
Applicable: Wofford Students, Faculty and Staff
Contacts: IT Help Center x4357
Background: Computer systems store information that is private, confidential, and sensitive. Unauthorized access to, modification of, or falsification of such information is unethical and illegal.
Policy: All programs and files within any computer system shall be considered confidential and private and as such may be accessed only by those with a legitimate need to access such information and to whom permission has been granted by the person responsible for its security. All Wofford employees and students must take appropriate steps to safeguard privacy and confidential information
- The Chief Information Officer has the responsibility for providing leadership in safeguarding the confidentiality and privacy of the programs and files. All users are expected to share this responsibility.
- The absence of security protection on a file or resource shall not imply permission to access that file or resource.
- Highly sensitive personally identifiable information (PII) such as social security numbers, credit card numbers, health information, or financial information may not be transmitted via email.
- Anyone placing confidential information in a computer file, or designing systems to store and process confidential information, must take all reasonable measures to protect access to that information, and follow all applicable laws and standards.
- Wherever feasible, each user of a computer or information service must use user identification and password known only to that person. Each person assigned such a user identification will be held responsible for all activity attributed to that user. Therefore, users should not share their passwords with others, should choose passwords that are difficult to guess, and change them often.
- Any new information system must adhere to the requirement for unique user identification.
- Information Technology Services (ITS) may implement procedures which require users to choose passwords which are difficult to guess and to change them often. ITS may also require a second authentication factor (e.g. fingerprint, text message) for added security.
- ITS and other departments that control or give permission for access to information should perform regular audits to determine whether that access is still appropriate.
- ITS must be notified upon the termination of employment for any individual that has access to Wofford information systems. ITS staff will delete or suspend the accounts of such users, unless special arrangements have been made with the former user's supervisor.
- This policy applies to all persons, including students, faculty, staff members, and others.
- This policy applies to all programs and data files within any computer system, whether the files belong to a student, a faculty member, an administrative office or a service provider.
- Any intentional or unintentional breach of data security must be reported to the Chief Information Officer and the appropriate supervisor.
- Anyone who has knowledge of an attempt by anyone to violate this policy shall make known this violation to the Chief Information Officer.
- Any person guilty of violating the security of any files or programs shall be subject to dismissal from the college and/or criminal charges.