Division of Information Technology
Better preparing you for your experiences on the internet
Compliance Management
North Georgia is subject to several legal, contractual, and system requirements which pertain to the enactment and management of information security and related activities.
| Compliance Requirements | Type | Description |
| --- | --- | --- |
| Electronic Communications Privacy Act (ECPA) | Federal Law | ECPA extends federal restrictions concerning government and third-party surveillance of electronic communications. |
| Family Educational Rights and Privacy Act (FERPA) | Federal Law | FERPA is the keystone federal privacy law for educational institutions and imposes confidentiality requirements around student educational records. |
| Gramm-Leach-Bliley Act Safeguards Rule (GLBA) | Federal Law | The GLBA Safeguards Rule requires that financial providers take specific actions to safeguard their clients' information. The majority of higher education institutions are considered financial institutions under GLBA due to their financial activities (i.e. processing of student loans). Institutions are compliant with separate GLBA privacy rules by observing relevant FERPA requirements. |
| Health Insurance Portability and Accountability Act Security Rule (HIPAA) | Federal Law | The HIPAA Security Rule outlines specific security safeguards that must be in place to provide protection for all electronic personal health information (EPHI). |
| Georgia Computer Systems Protection Act | State Law | The Georgia Computer Systems Protection Act specifies legal definitions and penalties for criminal acts such as computer fraud and abuse. |
| Payment Card Industry Data Security Standard (PCI DSS) | Contractual | PCI DSS is a security standard developed by major credit card companies to ensure that organizations take appropriate measures to protect consumer credit card information. |
| (BPM 712.01 - 712.03) | BOR-USG Policy | This policy sets forth the specific responsibilities that USG institutions have for maintaining an appropriate information security infrastructure. |
| USG Acceptable Usage Policy | BOR-USG Policy | |
| PeachNet Acceptable Usage Policy | BOR-USG Policy | The PeachNet AUP sets forth the requirements for assuring that utilization of the PeachNet network is appropriate and authorized. |
| USG Password Authentication Policy | BOR-USG Policy | |
| State of Georgia Electronic Equipment Disposal Policy | State Policy | The State Electronic Disposal Policy sets forth requirements that data storage devices (such as hard drives) are appropriately managed and sanitized when electronic devices are surplused. |