Information Security

Policy Number: 2502
Policy Responsibility: Vice-President, Finance & Administration
Approved: Board of Governors
Effective: November 22, 2012
Review: November 22, 2014

Context / Purpose: 

Information and the associated processes, systems and networks are valuable assets of the JIBC and the management of personal data has important implications for individuals. Appropriate protection is required for all forms of information to ensure business continuity and to avoid breaches of the law and/or contractual obligations. The JIBC is committed to the security of information, both within the college and in communications with third parties.

Policy Statement: 

This policy is intended to protect the security of the JIBC’s information assets and is applicable to all JIBC staff, faculty and students. 

Scope: 

Compliance with Law or Legislation

The JIBC holds and processes information about employees, students, and other data subjects for academic, administrative and commercial purposes. When handling such information, the JIBC, and those to whom this Policy applies, must be in compliance with the current BC Freedom of Information and Protection of Privacy Act (FOIPOP) [RSBC 1996]. Responsibilities under the FOIPOP Act are set out in the JIBC’s Freedom of Information and Protection of Privacy Policy.

Responsibilities

  1. Information security is the responsibility of all members of the JIBC community. Every person handling JIBC-related information or using JIBC information systems is required to observe this Policy and these Regulations.
  2. The JIBC’s Technology Steering Committee, which includes JIBC Executives, may establish specific procedures to ensure information security with regard to JIBC-related information. These procedures may include a matrix that defines who is responsible for the security of certain types of information and the measures required to protect that information.
  3. Security Controls – The JIBC will maintain reasonable detection and prevention controls to protect against, and detect instances of, malicious software and unauthorized access to networks and systems. All users of JIBC’s computers, including laptops and mobile devices, on which JIBC-related information is kept shall comply with procedures established by the JIBC in order to ensure compliance with legislation and to ensure that up-to-date security controls are maintained on those systems.
  4. All members of the JIBC community must report immediately to the Director of Technology Services or their delegate any observed or suspected security incidents where a breach of this policy has occurred. 

Definitions: 

For the purposes of this Policy, “information security” means the preservation of:

a) Confidentiality – i.e. protecting information from unauthorized access and disclosure;

b) Integrity – i.e. safeguarding the accuracy and completeness of information and processing methods; and

c) Availability – i.e. ensuring that information and associated services are available to authorized users when required.

For the purposes of this policy, “information” includes all data and information that is printed or written on paper, stored electronically, transmitted by post or using electronic means including cloud-based services or social media sites, shown on visual media, or spoken in conversation.

Procedures

Policy Review

The JIBC’s Technology Steering Committee will review and make any recommendations for update of this policy to the JIBC Management Committee before it is submitted to the Board of Governors.

Last updated May 19, 2015