Pima County Community College District Standard Practice Guide
SPG Title: Security of the Information Technology Infrastructure
SPG Number: SPG-5702/AC
Effective Date: 11/13/06
Approval Date: 11/13/06
Review Date(s): 5/27/11
Revision Date(s): 8/16/11
Schedule for Review & Update: May 2014
Unit Responsible for Review & Update: Information Technology
Sponsoring Unit/Department: Vice Chancellor for Information Technology
Board Policy Title & No.: Information Technology Resource Management, BP-5702
Statement of Purpose
The purpose of establishing and applying appropriate security controls is to ensure the protection of and effective and appropriate use of the College’s technology-related resources.
A. Infrastructure controls of technology resources determine access to technology resources such as the network and systems.
B. Physical controls of technology resources are those that are based on a physical entry to a restricted area such as an office, server room, network/phone room, and Pima Community College areas with a designated entry.
Security Areas and Responsibilities
A. The Vice Chancellor for Information Technology and Campus Information Technology Supervisors define restricted physical technology areas and access to them throughout the College.
B. The Office of Information Technology has the responsibility for identifying infrastructure security controls for technology resources.
C. College departments outside IT are responsible for identifying areas within the technology infrastructure that require security controls and are responsible for working with Information Technology to effect security controls. Examples include, but are not limited to, the College ERP, electronic databases, course management systems, file management systems, and assessment systems.
D. All controls and associated procedures are to be documented, available, followed, and regularly reviewed and modified as needed to ensure continued applicability.