Purpose
The purpose of this System and Information Integrity Information Technology Requirement (ITR) is to establish information security standards for the System and Information Integrity processes relevant to Anne Arundel Community College ("College") Information Technology Resources. The discipline of information systems security relies on the practice of ensuring and maintaining the confidentiality, integrity, and availability of information systems and data transmitted, processed, and/or stored on those systems.
Scope
This ITR applies to all College Information Systems and Information Technology Resources. All Information system custodians, their designees and contractors are responsible for adhering to this ITR. The AACC Security Program will maintain safeguards aligned with NIST SP 800-171 to ensure the protection, integrity, confidentiality, and resilience of Information Technology Resources.
Definitions
System and Information Integrity Requirements
System and Information Integrity Requirements address security controls that are implemented within systems and organizations to provide assurance that the system and information being accessed has not been tampered with or damaged (integrity).
In a risk-based manner, AACC will implement NIST SP800-171 and SP800-172 security controls.
Enforcement
Any user with knowledge of a potential violation shall notify IIT as soon as practicable.
Any employee, contractor or other third-party performing duties on behalf of the College who violates may be denied access to Information Technology Resources and may be subject to disciplinary action, up to and including termination of employment or contract or pursuit of legal action.
Exemptions
Exceptions should be submitted to the vice president for Information and Instructional Technology Division, through the director of Information Security for review and approval. If an exception is granted a compensating security control or safeguard will be documented.
Contingencies
None
Review Process
Information Technology Requirements will be reviewed every 12 months or sooner, if required. Guidelines and Processes will be reviewed every 24 months or sooner, if required.
Guideline Title: System and Integrity Information Technology Requirement
Guideline Owner: Vice President for Information and Instructional Technology
Guideline Administrator: Director, Information Security
Contact Information: John Williams, jwwilliams6@minxueacc.com
Approval Date: Jan. 8, 2024
Effective Date: Jan. 8, 2024
History: Adopted November 2023
Applies to: Faculty and Staff
Related Policies: Acceptable Use of Information Technology Resources Policy
Related Procedures: Acceptable Use of Information Technology Resources Procedures
Related Guidelines:
Forms: N/A
Relevant Laws: