Technology PolicyGustavus Technology Services
Technology Use Policy for Employees
This policy covers the acceptable and unacceptable uses of College technology resources. Copyright, fair use, privacy, and security are also specifically covered.
Acceptable Use Policy
This policy covers acceptable use of College technology resources and applies to students, as well as employees. Specific "intended uses" are referenced, and topics of copyright and fair use are covered.
Technology Purchasing Policy
This policy covers the purchasing of all technology hardware, software, systems, and peripherals. Please review this policy before attempting to procure new technology with institutional funds.
Staff/Faculty Account Access Policy
This policy covers the handling of employee accounts following departure or retirement from Gustavus and describes the process for requesting extensions. Technology support expectations for departing/retiring employees is also mentioned.
Student Account Retention Policy
This policy covers the handling of student accounts following withdrawal, hiatus, or graduation. Accounts for unenrolled admits are mentioned, and the process for graduating students (in good standing) to request extensions is also described.
Account Data Retention Policy
This policy provides a broad overview of the handling of employee and student accounts by highlighting the schedules for account closure and data deletion. A brief introductory definition of "account data" is offered, and the process for retrieving data from disabled/closed accounts is also covered.
Information Security Program
This policy provides a framework for the College's efforts to protect sensitive data.
Data Classification and Handling Policy
This policy establishes guidelines for the secure handling of different types of College data.
User Access Control Policy
This policy sets guidelines for the management of user permissions and the assignment of user access to campus systems.
Physical Access Control Policy
This policy sets appropriate standards for restricting physical access to sensitive areas that contain critical technology infrastructure and systems.
Risk Assessment Policy
This policy determines the frequency and process for conducting and reporting risk assessments.
Data Management Policy
This policy covers various responsibilities for effective and secure management of data throughout its lifecycle.
Server and Application Management Policy
This policy serves as a guide for Technology Services that ensures consistent and industry-standard procedures are followed in the procurement and maintenance of servers and related applications.
Vendor Security Policy
This policy defines the processes to establish and verify that College vendors follow appropriate security protocols when receiving and handling institutional data.
Incident Response Plan
This plan outlines the process and responsibilities for managing an incident response. (Requires sign in)