Information Technology Policy

Purpose:

This policy ensures the Winona State University (WSU) community can locate and understand their responsibilities and business practices associated with Information Technology (IT). This policy recognizes the external Laws, Regulations, Statutes, Policies, Frameworks, Guidelines and Minnesota State System Operating Instructions that Winona State University is obligated to enforce. This policy tasks and authorizes the Chief Information Officer to adopt and implement local IT policies that address these requirements.

Policy:

Winona State University strives to adopt behavioral and technological controls that align with the 2015 Minnesota State System adoption of ISO 27001:13 auditing framework as pertinent to achieve compliance with the list of known regulating entities list that is included in addendum.

Information Technology Services documents and provides access to campus policies, procedures and mandatory operating instructions in a manner relevant to end-users and efficient for IT auditing.  The CIO authorizes the publication of IT policy required by external regulating entities.  The CIO communicates these WSU policies to the campus community as a notice of adoption.  Policies enforcing controls in addition to external mandates are routed through the framework established by 1-1 Policy on Policies.

Details of WSU Information Technology policies, procedures and documentation of regulating entities and documents known to apply to WSU are maintained in a campus accessible intranet by the campus CIO.

Subsequent Procedure:

• 7-1 A Information Technology Procedure

History:

Adoption date: 06/07/2015
Implementation date: 06/07/2015