Policies and Procedures

Information Technology Policies

Access to modern information technology is essential to the university’s mission. The following policies regarding information technology and security have been established in the Kent State University Policy Register:

Information Technology Procedures

The Division of Information Services has developed the following procedures and guidelines to support the information technology and security policies.

Security Requirements for Faculty and Staff

A list of university security requirements put in place to maintain the integrity of the electronic information, especially that which pertains to our faculty, staff, and students.

International Travel for Faculty and Staff 

Several countries are considered to have a higher risk associated with them for identity and data security than most other countries. There are several steps that you and your department's local support/AFS members should take to ensure you have safe travels. These documents suggests items that Kent State University's Office of Security and Access Management strongly encourages you to complete to help make your trip easier, but most importantly, safer for you and your data.

Reporting Security Incidents

Incident Response

The Office of Security and Access Management assists in responding to and investigating incidents related to the misuse of Kent State University computing systems. Computer system security breaches resulting in unauthorized disclosure of University data or abuse of computing resources should be reported immediately to the Office of Security and Access Management.

In the event of an incident, call 330-672-5566. If your call is unanswered, listen carefully to the voicemail greeting for additional instructions. Please leave a detailed message, including a phone number you can be reached. It is very important that you reach a human being so that the issue can be addressed promptly.

Procedure Regarding Unauthorized (Rogue) Wireless Access Points and Routers

University policy prohibits the deliberate degradation of the performance of network resources or access.

See more information Rogue wireless access points and routers

Vendor Assessment Tool

In order to protect Kent State University and its systems, vendors whose products/services will access/host university data must complete the Higher Education Cloud Vendor Assessment Tool (HECVAT). This process assists the university in preventing breaches of protected information and comply with university policy, state, and federal law.

This is intended for use by vendors participating in the request for proposal (RFP) process with Kent State University and it should be completed by the vendor. There is a light and full version of the assessment tool. The vendor will need to fill out the version that corresponds with what type of university data they will access/host.

Credit Card Processing

Guidelines have been established to be used by departments when collecting credit card information from individuals in order to process payments for services, purchases, registrations, etc. Read more about credit card information security.

Credit Card Data Compromise: Incident Response Plan

This incident response plan provides guidance for identification, containment, notification, verification, communication, investigation, and remediation of incidents involving credit card data. 

Information Security Incident Response Plan

This incident response plan provides guidance for identification, containment, notification, verification, communication, investigation, and remediation of incidents involving university data. 

KSU Google Apps

Kent State University issues Google Apps accounts to all student employees, faculty and staff.

Google Apps is a communications and collaboration suite consisting of a core set of applications that may be used to perform both educational as well as academic and other university-related functions. 

For more information please read the  KSU Google Terms of Service.

Security Firewalls

For more information about firewalls, please contact the security group at 330-672-5566.

Kent State University Wireless Networks Terms of Use

Terms of use for connecting to and using the Kent State University wireless networks.

Working with Sensitive Data and Elevated Access in Enterprise Applications Like Banner

When working with elevated privileges in the ERP, CRM, or similar applications, or sensitive data such as those identified in our data handling guidelines, work should be done on university managed machines.

Secure Disposal of Equipment

Disposal of IT Equipment

Obsolete and damaged electronic equipment includes devices that plug into the wall or operate with batteries. For more information, please see the service catalog entry regarding disposal of IT equipment.

Disposal of DVDs, CDs and magnetic tapes

Information Services offers a secure means to dispose of surplus magnetic tapes, CDs and DVDs. Please see disposing of surplus media.

 

Financial Aid Data and Storage Devices

Due to GLBA regulations, the storage and transfer of financial aid data on portable storage devices such as external hard drives and thumb drives is not permitted. Storage and sharing of financial aid data should be done through approved services such as OneDrive, Teams and SharePoint. Please exercise good judgement when sharing sensitive data of this type, limiting access to only those who have a legitimate business reason to engage with this data. Do not use the “share with everyone in the organization” permission. If you have a reason why you need to use external storage, reach out to the security department for guidance at security@kent.edu