102: University Community Responsibilities
Information Security Policies & Procedures Manual
Section 100: Information Security Roles and Responsibilities
The purpose of this section is to clarify individual responsibility in handling information entrusted to the institution.
The University is required to protect certain information by federal laws, state laws, and State Board of Higher Education administrative rules. However, ready access to information is a requirement for academic inquiry and the effective operation of the institution. Current information technology makes it easier than ever for individuals to collect, process, and store information on behalf of the University; therefore, all individuals acting on behalf of the university need to understand their responsibilities.
Individuals, including faculty, staff, other employees, and affiliated third party users, who are part of the University Community have a responsibility to protect the information entrusted to the institution. When special protections are warranted, the appropriate Records Custodian will define appropriate handling requirements and minimum safeguards. All members of the OSU Community have an obligation to understand the relative sensitivity of information they handle, and abide by University policy regarding protections afforded that information. These protections are designed to comply with all federal and state laws, regulations, and policies associated with Information Security.
- Comply with University policies, procedures, and guidelines associated with information security.
- Meet or exceed the minimum safeguards as required by the Records Custodian based on the information classification.
- Comply with handling instructions for Protected Information as provided by the Records Custodian.
- Report any unauthorized access, data misuse, or data quality issues to your supervisor, who will contact the Records Custodian for remediation.
- Participate in education, as required by the Records Custodian(s), on the required minimum safeguards for Protected Information.