Policy

Information Security and Compliance Policies, Standards, and Guidelines

CSU Information Security Policy

The CSU Information Security Policy provides direction for managing and protecting the confidentiality, integrity, and availability of CSU information assets. In addition, the policy defines the organizational scope of the CSU information Security Policy.  Click here to access CSU Information Security Policy.

CSUDH Information Security and Privacy Policy

California State University, Dominguez Hills (CSUDH) establishes this Information Security and Privacy Program in compliance with the CSU Information Security Policy, "Establishing an Information Security and Privacy Program." CSUDH recognizes the importance of protecting University technology resources and user data. Click here to access CSUDH Information Security and Privacy Policy.

• Information Security Incident Management Breach Notifications and Procedures
• Level 1 and Level 2 data Classification, 8065.S02 Information Security Data Classification

CSUDH Responsible Use Policy

The California State University, Dominguez Hills (CSUDH) follows CSU Responsible Use Policy; The CSU Responsible Use Policy ICSUAM 8105.00 provides access to information assets for purposes related to its mission and its responsibilities and necessary activities faculty, students and staff. These resources are vital for the fulfillment of the academic, research, and business needs of the CSU community. This policy defines users (e.g., faculty, staff, students, third parties, etc.) and CSU responsibilities with respect to the use of CSU information assets in conjunction with the CSU Information Security Policy.

Consistent with published CSUDH Information Security and Privacy Policy, CSUDH User Responsible Use Policy, outlines the roles and responsibilities of the Users. This policy is further supported by related IT standards and guidelines that facilitate University compliance with the recommendations, audit requirements, actions, and safeguards necessary to mitigate risks, protect information assets, and user data.

• User Responsible Use Policy

Information Technology Standards

California State University, requires that each campus implement or adopt a program for providing information security training to employees appropriate to their level of access to campus assets. Click Here to access Information Technology Security Policy and related Guidelines.

CSUDH Internal IT Standards (Authentication Required)

Security Awareness

The campus information security awareness program must also promote strategies for protecting information assets containing protected data. Click Here to access CSU Information Security Awareness and Training Requirements.

All employees with access to protected data and information assets must participate in appropriate information security awareness training. When appropriate, information security training must be provided to individuals whose job functions require specialized skill or knowledge in information security.

CSU Policy Page

CSUDH Presidential Memo

Accessibility

• About Accessibility at CSUDH
• CSU Accessible Technology Initiative

Privacy

• The CSU is committed to safeguarding the privacy of all visitors to our websites and applications. This notice describes our privacy policy as it relates to the collection, protection, and disclosure of information resulting from the use of University websites and applications; both information that is collected automatically and information that is provided voluntarily. In particular, we do not redistribute or sell personal information collected through our website and applications.
• CSUDH Privacy Policy

Copyright

• CSUDH Copyright Policies
• Peer-to-Peer File Sharing
  Students should be aware that the unauthorized sharing of peer-to-peer file copyrighted works, including music, pictures, and movies, is a violation of campus computer use policy. It is also illegal and may carry significant money and/or criminal sanctions. It is the responsibility of students who are downloading or uploading documents to make certain that they are not copyrighted works, or that the student has the permission of the copyright holder.  CSU General Counsel Christine Helwick, September 3, 2003

Telephone Policy and Guidelines

• Click here to see Telephone Policy and Guidelines

CSUDH Web Policy

• Click here to see CSUDH Web Policy

What Is FERPA?

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) protects the privacy of student education records. FERPA is a federal law that applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

Why Is FERPA Important to Our Campus?

All faculty, staff and students, including temporary employees, student assistants and consultants, must comply with state and federal laws and University policies regarding the access to, and use of, student education records, whether these records are printed or electronic. Maintaining the confidentiality of student education records is everyone's responsibility.

Who Has Access to Student Records?

Only those individuals who have been authorized as having a legitimate reason to access student education records can do so. Access to student education records is strictly limited to the specific information and data that is relevant and necessary for those authorized individuals to perform their job-related duties.

How Can I Obtain Access to Student Records?

Review all the information on this site, presented in the form of a tutorial, to become familiar with the rules governing the handling and release of student education records.

For employees, after completing the tutorial and test, save the Certificate of Completion as PDF and send it to your supervisor who will file it in your official personnel file.

For student assistants, after completing the tutorial and test, save the Certificate of Completion as PDF and send it to your supervisor who will file it in your student personnel file.

For vendors/consultants, after completing the tutorial, save the Certificate of Completion as PDF and send it to your campus sponsor to be included with your contract documents.

A FERPA Certificate of Completion must be renewed every two years.  If an applicant does not have a certificate or if the certificate has expired, the request for access to students’ records, or any other administrative system, will not be processed until a new certificate is issued.

Access to grading and class rosters is granted to faculty when the department assigns a course to faculty.

Where Can I Complete the FERPA Training?

Everyone who has a CSUDH ID account is required to complete a FERPA training. Depending on who you are, you will access FERPA training differently.

For CSUDH faculty, student assistants, and staff, you will complete the FERPA training through CSU Learn. To access CSU Learn, log on to the My CSUDH Portal at MY CSUDH and click on the CSU Learn link under the Quick Launch menu on the left.  In CSU Learn, click on Assigned Learning, then click on Data Security and FERPA to begin your training.

Note: For newly hired employees, your CSU Learn account will be created by the Chancellor's Office based on your employment activation date. It will take approximately three days after your start date before you receive an email message from CSU Learn that the Data Security and FERPA training has been assigned to you.  If you take the Department of Education's FERPA 101 for Colleges and Universities prior to your employment start date, you are still required to take the Data Security and FERPA training since the CSU Learn training is focused primarily on Data Security with only a small portion focused on the FERPA topic.

For individuals who are not employees (e.g., third-party vendors) or volunteers processed through Human Resources Management, you will complete the FERPA 101 for Colleges and Universities training available on the Department of Education website:  FERPA 101: For Colleges & Universities. Once you have completed the training, email your certificate of completion to your CSUDH contact or the contracting department contact at CSUDH.

For questions with problems related to FERPA, My.CSUDH.edu ID account, or CSU Learn, contact the IT Help Desk at 310-243-2500 or Open IT ticket.

University Issued Device User Agreement

For Students

The undersigned student is being issued a Loaner Device (hereafter referred to as “device”), including the charging adapter, through the Information Technology (IT) Division of California State University, Dominguez Hills (CSUDH). Outlined are the Terms and Conditions for TECHNOLOGY LOANER PROGRAM, which is for Currently Enrolled Students for the semester identified within this contract. This Agreement is between the person signing University-Issued Device User Agreement for Students (“You, Your”) and CSUDH, and governs all device loans from CSUDH, Division of Information Technology (IT).

Terms and Conditions of This Agreement

1. Your initials and signature on this Agreement evidences you have read, understand, and agree to this program’s rules and conditions incorporated herein, and any document with the final charges when applicable.
2. All information you provide on this agreement is true and correct.
3. You understand by submitting this signed Agreement, you are requesting CSUDH to accept your enrollment in the Technology Loaner Program (“Program”). CSUDH and/or IT staff may, at its sole discretion, accept or deny your application for the Program with or without explanation to you.
4. CSUDH and/or the IT Division reserves the right to permanently and/or from time to time change, modify, restrict, suspend,and/or terminate this Agreement and/or the Program.
5. All devices identified in this agreement are property of the CSUDH campus. You guarantee that the device(s) will be operated as required by this Agreement and in accordance with all applicable CSUDH policies and procedures. This device is subject to routine auditing by IT User Services staff, with or without notice, to ensure that there has been no unlawful use of such equipment.
6. You acquire no title or ownership to the device and understand that the equipment provided hereunder is limited to your exclusive use and is not transferable to any other individual.
7. You agree to defend, indemnify, and hold CSUDH harmless from and against all loss liability or damages whatsoever, caused by or arising out of use, operation, or maintenance of the device during the course of this Agreement.
8. You agree to keep the device in the clean and working condition you received it. Please keep food and drink away from the device.
9. Hardware may not, in any way, be damaged, removed or adjusted.
10. You will not permanently install software or applications, remove software or applications, tamper with or reconfigure the operating system or components, remove the wireless card, alter any settings or attempt to repair the device without the consent of CSUDH. Furthermore, you agree to stop using the device if the operating system reports irreparable hardware failure and to inform the IT User Services Division at (310) 243-2500, option 1, of the problem as soon as possible.
11. Files should not be permanently stored on this device. Any files saved to the device are subject to removal by IT User Services staff. CSUDH is not responsible for any loss of data incurred in the event of system failure.
12. This device is intended to be used for CSUDH coursework and/or pre-installed campus software via a wireless network for qualifying Technology Loaner Program students. Attempts to use the device for any other purpose may result in immediate revocation of your privilege under this Agreement and/or fees for inoperability or damage caused to the device.
13. Illegal and inappropriate uses of this device include, but are not limited to:
    1. Offering pirated computer programs or links to such programs.
    2. Offering information used to circumvent manufacturer installed copy-protected devices (including serial or registration numbers for software programs) or any type of hacker utilities.
    3. Gathering personally identifiable information for unlawful purposes, with or without consent and statement of intention of use for commercial purposes.
    4. Accessing or generating materials containing any kind of nudity or pornographic content, as well as any material exploiting children under 18 years of age. Reference: http://tg9sy2.dektinary.com/it/security-compliance/policy/
    5. Inappropriate disclosure of any personally identifiable information belonging to children.
    6. Generating, accessing or distributing material that is defamatory, trade libelous, unlawfully threatening, unlawfully harassing or otherwise unlawful.
    7. Infringing on intellectual property, including patents, copyrights, trademarks, or trade secrets.
    8. Displaying any kind of commercial sponsorship or ad banner, including those generated by banner or link exchange services, not sponsored by CSUDH.
    9. Conducting raffles or contests that require any type of entry fee.
    10. Using your email account to facilitate distribution of, or responses to unsolicited email.
    11. Use of this device for any other purposes that would be violation of CSU Executive Order 1098.
14. The devices available for checkout through the Division of Information Technology may be used only after proper training has been completed. If you do not know how to use a program, do not use it and ask for assistance immediately by contacting IT User Services. It is important that you clearly understand how to use these devices.
15. You must return the device in the same condition you received it by the end of the semester (or earlier if requested by the IT Division or CSUDH).
    1. Failure to return the device in a timely manner or in the condition received AND on the date due shall result in the assessment of charges by CSUDH, up to and including the full cost of replacement of device (at its current market value), as a result of any “irreparable” damage, abandonment or loss, illegal use, missing parts, or failure to return the device.
    2. If the device is deemed “damaged but reparable” or the device is under warranty, there will be a deductible and replacement is subject to approval by I.T. All charges are subject to audit and shall be paid within 30 days of the reported damage/loss.
    3. Failure to pay any fees or charges may result in a hold being placed on your records pursuant to California Code of Regulations, Title 5, Section 42380 et seq., and you understand your privilege to receive a replacement University-issued device will be rescinded.

If the device is not operating properly, please notify IT User Services immediately by calling (310) 243-2500, option 1, or via an IT Support Ticket at http://csudh.service-now.com.

For Employees

The undersigned employee is being issued a University-owned and approved device through the I.T. Device Program. Users are expected to use good judgment and reasonable care to protect and preserve the integrity of CSU equipment, data and software, and access. I understand that I am being issued this device and access to campus data based on the terms of this agreement and my acceptance of the terms and conditions for such use as defined in ICSUAM 8000, including but not limited to the CSU Responsible Use Policy 8105.00.

Terms and Conditions of This Agreement

1. The device is to be used to conduct activities consistent and conducive to business relating to CSUDH.
2. It is CSUDH policy that the device issued is not to be used for personal purposes or private gain/advantage.
3. You accept responsibility for all charges deemed to be outside of CSUDH business and/or Cellular Telephone Policy.
4. You agree that the device is not to be used while operating automobiles or other equipment.
5. You acknowledge the service plan outlined below and agree to adhere to it or seek approval of adjustment to the existing service plan. Any adjustments to an existing service plan will also require modification and/or execution of a new Mobile Device and Property Loan Agreement.
6. Accounts Payable will process payment for the device and send copies of the invoices to your department. Your department will review the monthly invoices.
7. You shall make any reimbursement by forwarding a check to Accounts Payable, made payable to “CSUDH”, noting the account number to be reimbursed. The check should reference the device’s telephone number in the memo section of the check.
8. You accept responsibility for the appropriate use and security of the device. Keep food and liquids away from it.
9. You are responsible for all calls to/from the device, whether made by you or by other individuals.
10. You understand this service is a privilege and failure to follow the terms and conditions contained in the agreement can result in revocation of this privilege.
11. If the device is lost or stolen, you must submit a Police Report with the assigned Case Number via email to techcheckout@dektinary.com. Once the report is received by the Technology Checkout Program, the device will be removed from your responsibility.

The undersigned employee accepts responsibility for appropriate device use and data security procedures. No CSU Protected Level 1 data will be stored on the device. The undersigned employee understands this service is a privilege, and failure to follow the all appropriate procedures could result in the revocation of this agreement. For more information, please visit the Security Compliance campus page: http://tg9sy2.dektinary.com/it/security-compliance/.

My initials confirm that I have completed Data Security and FERPA training.*

It is the responsibility of the undersigned employee to take appropriate precautions to prevent damage to or loss/theft of this university-issued device. If this device is lost or stolen, the undersigned agrees to contact the local Police Dept immediately, and file a Police report, send an email to ISO@dektinary.com, followed by contacting I.T. User Services at (310) 243-2500, option 1, to report the loss. The undersigned employee agrees to pay all costs associated with the repair/replacement of the device for which the undersigned employee has been responsible.** Should the undersigned employee or the issuing department terminate the service(s), or if he/she transfers to another university department, he/she must return the university-issued device and accessories to the main I.T. office or Human Resources at the time of termination, or prior to department transfer, as part of the separation process outlined by Human Resources.

* Employees who work with student data must first complete DATA SECURITY AND FERPA training before PeopleSoft access is granted. For further information, please visit: http://tg9sy2.dektinary.com/records-registration/records/ferpa/. To take this training, please log in to my.dektinary.com portal and launch CSULearn.

** If I.T. determines that a device has “irreparable damage” or the device is lost/stolen (Police Report Required), employee will be responsible up to and including the full cost of replacement of the device (at its current market value) relating to damage, abandonment or loss, illegal use, missing parts, or failure to return the device. If the device is deemed “damaged but reparable” or the device is under warranty, there will be a deductible and replacement is subject to approval by I.T. All charges are subject to audit and shall be paid within 30 days of the reported damage/loss. If the charge is not paid within 30 days, the employee understands their privilege to receive a replacement University-issued device will be rescinded. If the employee declines/refuses to pay for repair or replacement of the device, I.T. will not be obligated to repair or replace the device, and the employee shall be responsible for damage/loss as part of the separation process outlined by Human Resources.

Vendor Terms and Conditions (Acceptable Use Policy)

Zoom Acceptable Use Policy

Zoom has a very strong and professional Acceptable Use Policy that governs all uses of Zoom services. This policy defines the standards Zoom expects its Customers and End Users to adhere to while using Zoom services.  Included in this policy is the Reasonable Use information stating that “Zoom provides video conferencing services for business collaboration.  Zoom anticipates that customers will use the services in a reasonable manner, given the business purpose.  As such, Zoom may limit, suspend or terminate access if an End User’s use exceeds reasonable standards…”

Dropbox Acceptable Use Policy

Dropbox is used by millions of people. In exchange, Dropbox trusts their users to use their services responsibly. Dropbox users agree not to misuse the Dropbox services ("Services") or help anyone else to do so. Dropbox Acceptable Use Policy is posted on their website.

Microsoft Acceptable Use Policy

Microsoft Acceptable Use Policy identifies activities that you are prohibited from engaging in when using Microsoft Online Services ("Services" or in the case of an individual service, "Service"), which includes any Service that links to this Acceptable Use Policy.

Blackboard Terms and Conditions

These Terms govern your access to and use of Blackboard software, products, and/or services (individually or collectively, the "Products") and any information, content, text, graphics, photos or other materials uploaded, downloaded, purchased, or appearing on or through the Products (collectively referred to as "Content"). Additional terms or product requirements may apply to our individual Products and are available with the relevant Product. These Terms apply to all visitors, users, and others who access and use the Products ("Users").

G Suite Acceptable Use Policy

Use of the Services is subject to this Acceptable Use Policy ("AUP").

If not defined here, capitalized terms have the meaning stated in the applicable contract ("Agreement") between customer, reseller or other authorized user ("You") and Google.

Palo Alto Networks Acceptable Use Policy

Use of Palo Alto Networks’ WildFire APIs, WildFire threat intelligence (including in the form of data, verdicts, reports, and analysis), and any derivative works based on any WildFire or WildFire-related services (collectively, the “WildFire Technology”) is subject to this Acceptable Use Policy.

Adobe General Terms of Use

These General Terms of Use (“General Terms”), along with any applicable Additional Terms (see section 1.2 (Additional Terms) below) (collectively, the “Terms”) govern your use of and access to our website, customer support, discussion forums or other interactive areas or services, and services such as Creative Cloud (collectively, the “Services”) and software that we include as part of the Services, as well as any applications, including mobile applications, Sample Files and Content Files (defined below), scripts, instruction sets, and related documentation (collectively, the “Software”).