The University of San Francisco: Information Technology Services
Information Technology

Information Security Awareness Policy

PDF Version: Link

Effective Date: 11-14-2013

Last Updated: 11-14-2013

Responsible University Officer:
Vice President, Chief Information Officer

Policy Owner:
Director, Network and Security Services

Policy Contact:
ITS Help Desk

  1. POLICY STATEMENT
    1. Individuals employed by USF are required to:
      1. read, acknowledge, and sign Confidentiality Agreement - as part of new hire on-boarding process with Human Resources.
      2. complete Information Security Training upon hire  (i.e. within one month of signed contract start date) and annually thereafter.
  2. REASON FOR POLICY
    1. Effective information security requires a high level of participation from all members of the University.
    2. The purpose of this policy states the expectation of initial and ongoing information security education, awareness, and training at University of San Francisco (USF) - i.e. security issues related to the confidentiality, integrity, and availability of information utilized, processed, maintained, and archived at USF.
    3. This policy is not intended to address the proprietary interests of intellectual property and/or copyright issues.
  3. SCOPE
    1. This policy affects all users of the University’s information resources.
  4. AUDIENCE
    1. All Employees, Faculty and Staff.
    2. All student workers.
    3. All contractors, vendors and any others 3rd parties entrusted with University Sensitive Data where prescribed by vendor service agreement, employment contract or direction of the Information Security Officer.
  5. POLICY TEXT
    1. Standards
      1. The University’s standard for Information Security Awareness Training is SANS Securing The Human (STH).
  6. PROCEDURES
    1. (In development)
  7. RELATED INFORMATION
    1. USF ITS Policy, Technology Resources Appropriate Use Policy, http://www.usfca.edu/its/about/policies/aup/
    2. USF ITS Policy, Information Security Policy, http://www.usfca.edu/its/about/policies/infosec/
  8. DEFINITIONS
    1. (None)
  9. FREQUENTLY ASKED QUESTIONS
    1. (None)
  10. REVISION HISTORY
    1. 06-01-2013 - Final draft of policy
    2. 11-14-2013 - Approved for publication
  11. COMPLIANCE
    1. Failure to follow this policy can result in disciplinary action in accordance with Human Resources Employment Handbook and Office of General Counsel employee and labor relations. Disciplinary action for not following this policy may include termination, as provided in the applicable handbook or employment guide.
  12. POLICY EXCEPTION PROCESS
    1. A proposed exception request to ITS Policy requires a formal email explanation related and in support of job function.
    2. A proposed exception request to ITS Policy, mentioned in 'XII.A', must be approved via email by respective department or division supervisor, Dean, or VP, before submitted to ITS for review.
    3. Forward approved email as stated in 'XII.B' to itshelp@usfca.edu for processing.
    4. Evaluation of ITS Policy Exception will escalate internally, and as applicable may include further review by: UITC subcommittee(s), the Information Security Officer, and others as appropriate at the request of VP for IT.
  13. APPENDICES
    1. (None)