Standard: Email and Campus Communication



Similar documents
Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Standard: Information Security Incident Management

Standard: Network Security

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System

Standard: Event Monitoring

Acceptable Use Policy

13. Acceptable Use Policy

Acceptable Use Policy

REGION 19 HEAD START. Acceptable Use Policy

Standard: Data Center Security

OLYMPIC COLLEGE POLICY

INFORMATION SYSTEM GENERAL USAGE POLICY

Policy # Related Policies: Computer, Electronic Communications, and Internet Usage Policy

Information Technology Acceptable Use Policy

PINELAND TELEPHONE COOPERATIVE DSL SERVICE AGREEMENT

Acceptable Use Policy

La Cañada Unified School District Personnel Use of Technology Regulations (AR ) Also known as the Staff Technology and Internet Use Policy

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

Southern Law Center Law Center Policy #IT0004. Title: Policy

FKCC AUP/LOCAL AUTHORITY

Village of Hastings-on-Hudson Electronic Policy. Internal and External Policies and Procedures

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Insert GNIS Logo Here. Acceptable Use Policy & Guidelines Information Technology Policies & Procedures. Guangzhou Nanhu International School

Odessa College Use of Computer Resources Policy Policy Date: November 2010

(For purposes of this Agreement, "You", " users", and "account holders" are used interchangeably, and where applicable).

How To Use Highland Community College Technology Resources Responsibly

Acceptable Use Policy

Acceptable Use of Information Technology

CT Communications Internet Handbook

Adjust Webmail Spam Settings

E Mail Encryption End User Guide

Mount Wachusett Community College. Information Technology Acceptable Use Policies and Helpdesk Prioritization Practices

Forrestville Valley School District #221

Table of Contents. Chapter No. 1. Introduction Objective Use Compliance Definitions Roles and Responsibilities 2

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

GOSFIELD NORTH COMMUNICATIONS CO-OPERATIVE LIMITED ( GOSFIELD ) ACCEPTABLE USE POLICY

Franciscan University of Steubenville Information Security Policy

How To Use A College Computer System Safely

Acceptable Use and Publishing Policy

Sample Policies for Internet Use, and Computer Screensavers

VICTOR VALLEY COMMUNITY COLLEGE DISTRICT ADMINISTRATIVE PROCEDURE. Computer Use - Computer and Electronic Communication Systems.

Information Security and Electronic Communications Acceptable Use Policy (AUP)

INTERNET SERVICE AGREEMENT. Crestview Apartments offers internet access only at Crestview North:

STATE OF WYOMING Electronic Mail Policy

(Internet) for students, staff and, if requested, members of the Board of Education. All computer

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

By writing to: Cougar Wireless, Attention: Customer Service, 4526 S. Regal St., Suite A, Spokane, WA., 99224

AVON OLD FARMS SCHOOL COMPUTER AND NETWORK ACCEPTABLE USE POLICY

INFORMATION SECURITY Humboldt State University

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

MARIN COUNTY OFFICE OF EDUCATION. EDUCATIONAL INTERNET ACCOUNT Acceptable Use Agreement TERMS AND CONDITIONS

Acceptable Usage Policy

HOSTED EXCHANGE SERVICES & HOSTED SHAREPOINT SERVICES TERMS AND CONDITIONS

Acceptable Use Policy - NBN Services

STAR TELEPHONE MEMBERSHIP CORPORATION ACCEPTABLE USE POLICY FOR BROADBAND INTERNET SERVICES

EFFECTIVE DATE: JULY 1, 2010

Acceptable Use Policy ("AUP")

Commonwealth Office of Technology

Policy Based Encryption Gateway. Administration Guide

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

Transcription:

Information Security Standards Email and Campus Communication Standard IS-ECC Effective Date TBD Email security@sjsu.edu # Version 2.0 Contact Mike Cook Phone 408-924-1705 Standard: Email and Campus Communication Page 1

Executive Summary The Email and Campus Communication standard defines the requirements for how SJSU s email and other forms of electronic communication should be used for employees and students. This standard of due care will help prevent the unauthorized loss of or destruction of sensitive campus information that is transmitted through email and other modes of communication. Workers must restrict their electronic communications to business matters. Page 2

Revision History Date Action 5/27/2014 Draft sent to Mike 12/1/2014 Reviewed. Content suggestions. Added comments. Hien Huynh 3/7/15 Review. Content changes. Prepared for publishing draft. Mike Cook Page 3

Table of Contents Executive Summary... 2 Introduction and Purpose... 6 Scope... 6 Standard... 6 Compliance to Email Standards... 6 Email Retention Standard... 6 Electronic Mail Communication for Employees... 6 Employees must use university email address... 6 People without university email address... 6 Refusal to service non SJSU addresses... 6 Faculty and Staff sending email to students... 6 Electronic Mail Communication for Students... 7 Official University Communications will use SJSU address... 7 Email forwarding... 7 Responsibility for lost and deleted emails... 7 Retention of important University documents... 7 Electronic Mail Communications Security... 7 Electronic Marketing Material Source... 7 Inappropriate Electronic Mail Messages... 7 Electronic Mail Privacy... 7 Electronic Mail Encryption... 7 Electronic Mail Message Monitoring Approval... 7 Electronic Mail Modification... 8 Centralized Control over Electronic Mail Systems... 8 Bulk Electronic Mail... 8 All Campus, All Students, All Staff Emails... 8 Sending Unsolicited Electronic Mail... 8 Distributing SJSU Information via Blogs... 8 Electronic Mail Attachments... 8 Unexpected Electronic Mail Attachments... 8 All Mail Servers Must Run Approved Spam-Filtering Software... 8 Responding to Spam Messages... 8 No Specific Information in Automated Electronic Replies... 9 Instant Messaging... 9 Transmission of sensitive information using IM... 9 Page 4

Telepresence Video Conferencing... 9 Approved Telepresence video conferencing application... 9 Web Conferencing... 9 Approved Web Conferencing application... 9 More Information... 9 Page 5

Introduction and Purpose The Email and Campus Communication standard defines the requirements for how SJSU email and other forms of electronic communication should be used for employees and students. This standard of due care will help prevent the unauthorized loss of or destruction of sensitive campus information that is transmitted through email and other modes of communication. Scope This standard applies to all SJSU State, Self-Fund, and Auxiliary ( campus ) email users with a sjsu.edu or mlml.calstate.edu email address. The information covered in this standard includes, but is not limited to, information that is either transmitted or shared via electronic mail, instant messaging, video conferencing, or collaboration technologies. Standard Compliance to Email Standards Email Retention Standard Specific requirements for the storage and deletion of email is specified in the Email Retention Standard. For more information, refer to the SJSU Email Retention Standard [1]. Electronic Mail Communication for Employees Employees must use university email address Any university employee must use their sjsu email address while conducting university business. University employees include faculty, staff, and administration. In order to maintain FERPA compliance, faculty shall not communicate with students via non university email addresses nor shall they forward university communications to a personal address. People without university email address Any auxiliary or other person needing a sjsu email address should be entered into the proper system as a person of interest, by contacting Human Resources for more information. Refusal to service non SJSU addresses IT services may refuse to service customers using non sjsu email addresses. Faculty and Staff sending email to students All faculty and staff must use the student s sjsu email address when sending email to students, especially sensitive information such as financial transactions or student records including assignments, grades, and other information pertaining to the student s record. Page 6

Electronic Mail Communication for Students Official University Communications will use SJSU address All official university communications will be delivered to employees and students at their sjsu email address. Official communications from administration and the president will go to SJSU email addresses only. It is the recipients responsibility to check their email regularly and respond to official communications as necessary. Email forwarding If the student wishes to use another address for campus communication, then they need to sign in and forward it to their other address. Responsibility for lost and deleted emails Users are responsible for any lost and deleted emails, including their email retention settings. Users are responsible for deleting old messages that are no longer needed. It is important to understand that when the user s mailbox is full, it might automatically delete previous messages in order to accept new ones. IT services does not have the ability to restore messages that have been deleted by the 3 rd party provider. Retention of important University documents Email should not be the sole mechanism for retaining important university documents. Students are encouraged to extract any important attachments from their email onto their hard drive on a regular basis for safe keeping. Electronic Mail Communications Security Information involved in electronic messaging should be appropriately protected. Electronic Marketing Material Source All marketing materials sent through electronic mail must include an accurate return address and must provide clear and explicit instructions permitting recipients to quickly be removed from the distribution list. Inappropriate Electronic Mail Messages Workers must not create and send, or even forward, any externally-provided electronic mail messages that may be considered to be harassing in nature, or that may contribute to the perception of a hostile work environment. Electronic Mail Privacy Electronic mail is considered by SJSU to be private information, and must therefore be handled as a private and direct communication between a sender and a recipient. Electronic Mail Encryption All sensitive information including, but not limited to, credit card numbers, passwords, and research and development information must be encrypted when transmitted through electronic mail. Currently this option is not available in the 3 rd party email system. All sensitive data must be encrypted prior to uploading as an attachment in email and must not be contained in the message body. Electronic Mail Message Monitoring Approval Email administrators must only access another users account in strict compliance with ICSUAM8105. Page 7

Electronic Mail Modification Workers must not modify, forge, or remove any information appearing anywhere in an electronic mail message including the body of the message or the header. Centralized Control over Electronic Mail Systems Centralized control over both inbound and outbound electronic mail will be provided by the Information Technology Department. All SJSU electronic mail must flow through systems established, operated, and maintained by that same department. All on-campus systems which send email externally must do through an SMPT relay server controlled by IT Services. Bulk Electronic Mail Workers must not use SJSU computer systems for the transmission of any type of unsolicited bulk electronic mail advertisements or commercial messages that are likely to trigger complaints from the recipients. All Campus, All Students, All Staff Emails Emails to complete campus constituent groups shall be sent only with Vice Presidential approval. These messages are not to be for the purposes of marketing or event announcement. IT Services shall provide a regulated system for the purpose of official mass communication, which must be capable of messaging each constituent group and synchronized with the Common Management System. Cabinet shall control access and utilization of this tool. Sending Unsolicited Electronic Mail Users must not send uninvited or unsolicited electronic mail (also known as spam) to a large number of recipients. This includes commercial advertisements, charitable solicitations, questionnaires/surveys, chain letters, and political statements. Distributing SJSU Information via Blogs Workers must not publish or otherwise communicate any SJSU internal information on the Internet, or in any other public forum, unless this public disclosure has first been approved by University Advancement. Such publishing includes, but is not limited to, weblogs (blogs), Internet discussion groups, social networks, and personal web pages. Further guidance about what information may be publicly released can be found in the Information Classification Policy. Electronic Mail Attachments Workers must not open electronic mail attachments unless they were expected from a known and trusted sender, and these attachments have been scanned by an approved anti-virus software package. Unexpected Electronic Mail Attachments Users who receive an unexpected attachment to an electronic mail message that does not have a credible business-related explanation must not open the attachment until they obtain a believable explanation from the sender. All Mail Servers Must Run Approved Spam-Filtering Software All SJSU mail servers must run the latest version of spam-filtering software approved by IT Services. Responding to Spam Messages To keep spam to a minimum, users must refrain from responding in any way to spam and must not purchase anything advertised in spam. Page 8

No Specific Information in Automated Electronic Replies Automated electronic mail replies should not include specific information, such as names and contact information for campus personnel that could be used to gain access to sensitive data. Instant Messaging Transmission of sensitive information using IM IM should not be used for communication of sensitive level 1 or level 2 confidential information, including confidential information contained in files. For more information on data classification, refer to the SJSU Security Standard for Information Classification and Handling [2]. Telepresence Video Conferencing Approved Telepresence video conferencing application Campus users and students must use the official approved Telepresence vendor and applications for campus communication. Web Conferencing Approved Web Conferencing application Campus users and students must use the official approved web conferencing solution application for campus communication. More Information [1] San Jose State University: Email Retention [2] San Jose State University: Security Standard for Information Classification and Handling Page 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information