Division of Information Technology
Better preparing you for your experiences on the internet
North Georgia Information Security Policy
Policies are high-level expressions of organizational intent and requirements that pertain to particular topics. Policies are mandatory and enforced meaning they must be followed.
| Policy Title | Description | Status |
| Information Security Program Policy | The ISPP is an accessible, and understandable summary of the information security framework relevant to North Georgia employees and campus affiliates. | Ratified |
| Computer and Network Usage Policy | The computer network acceptable usage agreement, this is the standard by which all systems that attach to the University network must adhere to. | Ratified |
| Antivirus Software Policy | Describes the requirement that antivirus software shall be used on systems which access campus networks. | Ratified |
| Data Management and Access | Describes the requirements and principles required for providing appropriate safeguards and managing data assets. | Ratified |
| Digital Millenium Copyright Act | Describes the requirements to be followed for appropriate management of Digitial Millenium Copyright Act (DMCA) violation notices. | Ratified |
| Electronic Information Sanitization | Describes the approach used to ensure that data in the form of electronic information is removed from devices and storage media before repurposing or surplus. | Ratified |
| Firewall and Network Filtering | Details how firewalls and network filters will be used to protect North Georgia information systems. | Ratified |
| Incident Response | Outlines the requirements needed to ensure a timely and structured response to computer and network security incidents. | Ratified |
| Information System Usage | Sets forth the usage requirements for institutional information assets including computers and networks | Proposed |
| Minimum Security For Networked Devices | Describes the requirements for ensuring that devices connected to campus networks follow a common security basline standard. | Ratified |
| Password | Describes the requirements necessary for securely creating and managing password credentials used to access campus services and resources. | Proposed |
| Remote Access | Defines the management and utilization requirements necessary for securing remote access connections. | v1.2 |
| Risk Management | Defines the requirements and responsbilities for the enactment of a formal infrormation risk management process. | Ratified |
| Wireless Access | Describes the requirements necessary for deploying and using wireless network technology. | Ratified |
Information Security Contracts & Agreements
Security contracts and agreements represent defined obligations and understanding necessary for establishing services and access to University resources. Security contracts and agreements are mandatory and enforced.
| Agreement Title | Description | Type |
| Computer Issuance Agreement | Describes the usage requirements for all campus computing equipment including but not limited to personal computers, laptops, and mobile computing platforms. | Agreement |
| Employee Non-Disclosure Agreement | Agreement for employees of the University whose positions require additional access to non-public information. | Agreement |
| Third Party Non-Disclosure Agreement | Legal agreement for third parties that defines the access/dissemination restrictions relevant to non-public information. | Agreement |
| Remote Access Agreement | Describes the relevant requirements for NGCSU employees, students, and partners who wish to request remote access to university information resources. | Agreement |
| ASP Provider Agreement | Describes the terms NGCSU requires of all ASP providers. | Agreement |