Skip to main content

University Policy Manual

TRUST RELATIONSHIPS

Effective: August 15, 2024

Purpose: Emporia State University is committed to maintaining the confidentiality, integrity, and accessibility of the information assets it owns or controls.

Some information is more sensitive due to legal responsibilities or it is critical to the operations of the University. Therefore, systems that contain or manage this type of information require more stringent safeguards.

This policy sets out to ensure that all systems containing sensitive or confidential University information in accordance with the policy on Information Classification are kept in a secured computing environment.

Scope: This policy applies to all servers managing or containing information classified as sensitive or confidential University information in accordance with the policy on Information Classification.

Responsible Office: Information Technology

Policy Statement: Information Technology (IT) is responsible for ensuring that all affected IT managed systems are in compliance with this policy. The Information Security Officer (ISO) is responsible for monitoring and reporting compliance with this policy. The ISO is responsible for reviewing this policy annually.

Unit Support Personnel are responsible to ensure all systems not managed by IT meet the Secure Server Baseline Standards.

All systems managing or containing information classified as Sensitive or Confidential University information in accordance with the policy on Information Classification must:

  • Be located in a secured, limited access environment;
  • Be hardened in accordance to the Secure Server Baseline Standards; and
  • Have no shared authentication with other systems (e.g., the ability to log onto the system without specifically authenticating to a system).

The President or designee must approve any exceptions to this policy.

Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.

Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.

[Information Technology procedures - coming soon]

Related Policy Information: [coming soon]

History and Revisions

Adoption Date:
10/20/2006 [FSB 06017 passed by Faculty Senate on 10/03/2006, approved by President, and included in UPM as Policy 3J.27]
Revision Date:
10/02/2013 [Policy updated]
04/26/2019 [FSB 18018 passed by Faculty Senate 04/16/2019; approved by President]
08/15/2024 [Policy format revised as part of UPM Revision]