Information Security

See Also: Policy 4810 - TMCC Telecommunications Use and Policy 4814 - Information Security and Inventory of Institutional Data

Protection of Confidential or Sensitive Data

Confidential or Sensitive Data (highest level of security)

  • Protected due to legal requirements (FERPA, Gramm Leach Bliley Act, ADA, EEO, HIPAA, etc.)
  • All data must be either password protected, encrypted, or stored on secure network drives
  • Whole disk encryption is an option

Institutional/Proprietary Data (moderate level of security)

  • All data must be either password protected, encrypted, or stored on secure network drives

Public Departmental Data (lowest level of security)

  • Protected at the discretion of the department/owner
  • Recommended that data be stored on secured LAN drives

Eradication of Data on Surplus or Repurposed Computers

  • Follow the procedures in the Baseline Security Procedures (see below) for all TMCC department and unit computers for administrative office desktop and academic lab computers, as well as application and file servers.

Inventory of Data Locations

On an annual basis, the College's departments and units will inventory the physical and network location of confidential or sensitive data. Each department or unit will create a master list that details this information for reference.

Security Incidents

Lock symbol on computer

A security incident can be anything from a suspected virus on a computer, knowledge of malicious intent concerning the TMCC computer systems, witnessing suspicious activity, inappropriate release of College data, or the reasonable belief of unauthorized data access.

  • Information security incidents should be reported to IT management in person, via email, or by telephone.
    • In the event of an information security incident, TMCC IT management is responsible for notifying College leadership as necessary.
  • Physical security incidents should be reported to the TMCC Police Department in person, online, or by telephone.
    • In the event of a physical security incident, TMCC Police Department management is responsible for notifying College leadership as necessary.