We hope that you will find the following summary of technology policies and procedures helpful. All the documents referred to in this section can be found on the navigation pane on the left. We strongly urge everyone to carefully read through the entire set of IT policies and procedures posted on this site.
All technology users agree to abide by all applicable policies and procedures adopted by the President, Cabinet and Board of Trustees of Elms College. A summary of the main technology policies that you should be aware of are highlighted below.
Incident Response and Reporting - Workforce members are required to report information security incidents within 24 hours of an occurrence. Examples of information security incidents include, but are not limited to:
- Loss or theft of equipment used to store data assets
- Compromised User ID or password
- Unauthorized access to computer systems or data storage locations
- Potential unauthorized disclosure of data assets
For additional details about the reporting requirements, refer to the Incident Response and Reporting Policy.
Information Security Awareness Training - All Elms College employees will be required to participate in annual Information Security Awareness Training and submit proof of compliance. New employees must complete the training within 14 days of hire. For more information refer to the Information Security Awareness Policy.
Workforce Security and Data Access - Each department will establish a process for granting authorization to access data assets for their employees. Workforce members shall not be allowed to access College data until proper authorization is granted. Contractors and third-party vendors require special consideration. For example, if you are hiring a consultant or third-party vendor to perform work for your department, you must obtain the proper authorization for them to access data assets. In addition, they must read, understand and sign the Acceptable Use Policy and Privacy Agreement for Third-Party Access.
Refer to the Workforce Security Policy and Information Security and Privacy Agreement for Third Party Access (Appendix D) for specific details.
Workstation Security - Appropriate measures will be taken to ensure the confidentiality, integrity and availability of data assets contained on workstations that may store, access, transmit or receive data. Examples of technical and physical safeguards include, but are not limited to:
- Workstations should be secured through screen lock or logout prior to leaving desk/area to prevent unauthorized access .
- Workforce members are not permitted to have local administrator privileges to Elms College workstations.
- All sensitive data must be stored on network servers.
- Monitors attached to workstations will be positioned away from public view.
- Workforce members who are assigned a portable device owned by Elms College must take necessary measures to secure the device.
Refer to the Workstation Security Policy for complete details of this policy.
Data Breach - Elms College is required to notify impacted Massachusetts residents and non-residents when there has been, or is reasonably believed to have been, a compromise of the individual’s private information in compliance with federal and state laws and regulations regarding privacy and confidentiality of information. For more information, refer to the Data Breach Policy.
Acceptable Use Policy for Technology Resources - This Policy has been updated and expanded. We strongly urge all users to take the time to read this new document. Users agree to comply with the Acceptable Use Policy and all other computing related policies and applicable laws when using and accessing Elms College computing resources.
Written Information Security Policy - This policy is intended to support the protection, control and management of Elms College's information assets and outlines the elements of the Information Security Program at Elms College. It ensures that the College establishes a comprehensive approach to information security, complies with federal and state laws and regulations regarding the collection of personal information as defined in MA 201 CMR 17 and FERPA, establishes effective practices for the protection and security of information assets, and outlines procedures for responding to breaches of information security. To view the full policy, refer to the Written Information Security Policy.