6/2020
Board Policies
Chapter 5 - Administration
5.23 Security and Privacy of Information Resources
Part 1. Policy Statement. Minnesota State Colleges and Universities is committed to protecting the
security and privacy of its information resources and to make information accessible to fulfill its mission of
providing high quality higher education. The system shall maintain the confidentiality, integrity and
availability of information resources; ensure continuity of operations; prevent, control and minimize the
impact of security incidents; and manage risks to those resources regardless of the storage medium,
transmission or disposal methods. Each college and university and the system office shall adopt and
implement privacy and security policies, procedures, plans, programs and training for its information
resources consistent with applicable system policy, procedures and other applicable standards and state
and federal law.
All users of Minnesota State Colleges and Universities system information resources are responsible for
the privacy, security, and appropriate use of those resources over which they have authority, access or
control, and for compliance with applicable laws, regulations, policies, procedures and other standards.
Each college, university and the system office shall provide appropriate security awareness resources for
its users.
Part 2. Applicability. This policy applies to all users of system information resources; and to all system
information resources in any form or storage media, wherever located.
Part 3. Definitions.
Subpart A. Access. Access means the authority to view information, and when appropriate, insert,
update, delete, or download information. Access shall be authorized to individuals or groups of users
depending on the application of law or system policy or procedure. Technical ability to access information
is not necessarily equivalent to legal authority.
Subpart B. Information Resources. Information resources means all data collected, created, received,
maintained or disseminated by any Minnesota State Colleges and Universities user, regardless of its form,
storage media or conditions of use.
Subpart C. System. System, or Minnesota State Colleges and Universities system, means the Board of
Trustees, the state colleges and universities, the system office, and any part or combination thereof.
Subpart D. User. User means any individual, including but not limited to, students, administrators,
faculty, other employees, volunteers, and other authorized individuals using system information
resources, whether or not the user is affiliated with Minnesota State Colleges and Universities.
Subpart E. Integrity. Integrity means assuring that information is kept intact, and not lost, damaged or
modified.
Subpart F. Availability. Availability means assuring that information is accessible to authorized users
when needed.
Subpart G. Confidentiality. Confidentiality means assuring that information is accessible only as
authorized.
Part 4. Scope.
Subpart A. Procedures. The chancellor shall adopt security and privacy procedures under this policy.
Subpart B. Sanctions. Users who violate this policy or related system , college or university procedures
shall be subject to disciplinary action through appropriate channels. Violations may be referred to
appropriate law enforcement authorities.
-As of 10/7/16
