Computer Security Guidelines
Guidelines Applicability

All users of the San Jacinto College computing resources will follow the Computer Security Guidelines.

The San Jacinto College Security Guidelines apply to information resources owned by others in those cases where a contractual or fiduciary duty exists to protect the resources while in the custody of San Jacinto College District. In the event of a conflict, the more restrictive security measures apply.

Guidelines Statements

  • Information Resources are valuable assets and unauthorized use, alteration, destruction, or disclosure of these assets is a computer-related crime, punishable under Texas statues and federal laws.
  • Attempting to circumvent security or administrative access controls for information resources is a violation of these guidelines. Assisting someone else or requesting someone else to circumvent security or administrative access controls is a violation of these guidelines.
  • Use of college computing resources should be limited to the intended purpose. Use of college-owned computers (offices and computer labs) shall be limited to college-related business or incidental personal use. The San Jacinto College District has determined that employees may use computing resources for personal reasons as long as that use does not result in additional costs or damages to the college and generally does not hinder the day to day operations of college offices and facilities. Use of e-mail to solicit sales or conduct business, setting up a web page to advertise or sell a service all constitute commercial use and are prohibited. In addition, use of computing resources for commercial, religious or political purposes or personal gain is prohibited.
  • Person using Information Resources will acknowledge compliance with the Computer Security Guidelines when logon-ids and passwords are assigned, and in some cases, when an administrative application is accessed.
  • Violations of the Computer Security Guidelines will be reported to the San Jacinto College District Information Technology Services.
  • Violations of the Computer Security Guidelines that may be violations of state and federal laws will be reported to the appropriate legal authority.
  • Persons violating the Computer Security Guidelines will be subject to appropriate administrative and criminal sanctions.
  • All employees will receive the Computer Security Guidelines Summary Statement from the Human Resources Department.
  • Logon-ids and passwords must control access to all information resources except for those specific resources identified as having public access such as the On-Line Public Access Catalog Library System.
  • Passwords must be changed periodically by the logon-id owner as determined to be necessary by Information Technology Services.
  • The logon-id owner is responsible to manage their password.
  • The logon-id owner is responsible for all actions and functions performed by their logon-id.
  • All Information Resources used for mission critical applications should provide a notice at logon time stating that the computer system is protected by a computer security system; that unauthorized access is not permitted; and that useage may be monitored.
  • Information, which by law is confidential, must be protected from unauthorized access or modification. Data, which is essential to critical functions, must be protected from loss, contamination, or destruction.
  • Confidential information shall be accessible only by personnel who are authorized on a basis of strict "need to know" in the performance of their duties. Data containing any confidential information should be readily identifiable and treated as confidential in its entirety.
  • An audible, continuous chain of custody shall record the transfer of confidential information. When confidential information from a department is received by another department, the receiving department, the receiving department shall maintain the confidentiality of the information in accordance with the conditions imposed by the providing department.
  • All employees accessing a mission critical administrative application must receiving appropriate training and must acknowledge the security and privacy requirements for the date contained in the application.
  • When an employee terminates employment, their access to information resources will be terminated.
  • All information resources used for mission critical applications shall have a cost effective, written contingency plan that will provide for prompt and effective continuation of critical missions in the event of a disaster.
  • End-user workstations used in sensitive or critical tasks must have adequate controls to provide continued confidentiality, integrity, and availability of data stored on the system.
  • All end-user workstations will have virus protection software installed.
  • Computer software purchased using college funds is San Jacinto College property and shall be protected as such.
  • Physical access to all areas that house the facilities providing information resources shall be restricted to authorized personnel. Authorized visitors should be supervised and their entry and exit recorded in a log.
  • Individuals who believe they have experienced computer generated harassment or illegal discrimination are encouraged to contact the appropriate administrative office to file a complaint.
  • Internet access to the San Jacinto College Network will be controlled as appropriate under guidelines determined by Information Technology Services.

Guidelines Administration

The Computer Security Guidelines is administered by InformationTechnology Services. The Director of Information Technology Services, ortheir designee, has responsibility to:

  • Monitor computer security issued
  • Maintain records on computer security issues
  • Monitor compliance with these guidelines

These guidelines will be reviewed annually and updated as appropriate.


   :Next::>