Information Security Manual
Section 000: Introductory Material
Effective: 01/11/2010

The OSU Information Security Manual documents key elements of OSU’s Information Security Program, including Policies and Procedures required by Oregon law, Oregon University System Rules, and Information Security best practices. Its formation was specifically dictated by the Oregon University System Information Security Policy (OAR 580-055-0000) and the Oregon Consumer Identity Theft Protection Act of 2007 (more info at http://www.cbs.state.or.us/dfcs/id_theft.html).

OSU takes its responsibility to protect and care for the information entrusted to us by our students, faculty, staff, and partners seriously.  Policies and Procedures outlined in this manual are meant to document how we will meet our  responsibilities as stewards of information entrusted to us as an institution of higher education.  This manual is not intended to be step by step guide for faculty and staff; however, elements of it may be required reading in certain circumstances.

Information Security Policies apply to all members of the OSU Community; however, in certain circumstances specific restrictions on information may be required by the terms of a grant, federal law, or departmental policies.  In the event of an inconsistency or conflict, applicable law and the State Board of Higher Education’s policies supersede University policies and University policies supersede college, department or lower unit bylaws, policies, or guidelines. 

These policies and procedures apply regardless of the media on which information resides. Specifically they apply to paper and traditional hard copy information, as well information on electronic, microfiche, CD\DVD, or other media. They also apply regardless of the form the information may take; for example: text, graphics, video or audio, or their presentation.