Follow Christ, Lead the Way

Establishing and Maintaining an Information Security Program

Overview

Students have a right to know that their information is being kept in a secure information technology environment.

Policy Statement

The Chief Information Officer is responsible for establishing and maintaining an information security program that contains administrative, technical, and physical safeguards designed to protect campus information assets. 

The information security program must implement a risk-based, layered approach that uses preventative, detective, and corrective controls sufficient to provide an acceptable level of information security and must be reviewed annually to ensure compliance with industry standards and best practices. 

The Information Security Program Should Contain: 

  • Document roles and responsibilities for the information security program. 
  • Ensure confidentiality, integrity and availability of institutional data. 
  • Develop risk management strategies to identify and mitigate threats and vulnerabilities. 
  • Establish and maintain an information security incident response plan. 
  • Maintain ongoing security awareness and training programs. 
  • Comply with applicable laws, regulations, and Ohio Christian University policies. 

Applicability

This policy applies to all staff, faculty and third-party agents authorized to access institutional data.

Responsibility

Chief Information Officer

Contact Information

John Bocook
740-477-7792
jbocook@ohiochristian.edu