Information Security refers to policies and practices intended to protect information and systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
In accordance with University Management Procedure 300, Risk Management and Administrative Compliance houses the Information Security Officer (ISO). The ISO is a University resource for best practices in information security. Dedicated to assuring the confidentiality, integrity and availability of the University's information assets, this office supports the institution's Internal Controls initiative.
The ISO has overall responsibility for ensuring the implementation, enhancement, monitoring and enforcement of this program and provides direction and leadership to ensure that appropriate safeguards are implemented, and to facilitate compliance with those policies, standards and processes.
The ISO is responsible for investigating all alleged information security incidents and violations. In this role, the ISO may refer the investigation to other investigatory entities, including law enforcement. The ISO will coordinate and oversee IT security program activities and reporting processes in support of this program and other IT security initiatives.
Additional policies and procedures of the University apply broadly to all systems and sensitive information on campus. They are as follows:
- Acceptable Use Policy
- Information Security Policy
- Responsible Use/Confidentiality Agreement – applicable to employees and Binghamton University contractors/vendors
- SUNY Information Security Guidelines, Part 1: Campus Programs & Preserving Confidentiality, Document #6608
- Federal Educational Rights and Privacy Act, 34 CFR Part 99
- Health Insurance Portability and Accountability Act (HIPAA), 45 CFR Parts 160, 162, and 164
- Gramm-Leach-Bliley Act
- NYS Information Security Breach & Notification Law
- NYS Governmental Accountability, Audit & Internal Control Act
- NYS Information Security Policy
- Other State and Federal regulations governing the acquisition, retention, and dissemination of protected data
- SUNY system-wide information security policies and requirements
- SUNY Policies of the Board of Trustees