Integrated CSU Administrative Manual

CSU POLICY

Section:   INFORMATION SECURITY POLICY

Section 8000 Policies

Policy Number:   8070.0

Policy Title: Information Systems Acquisition, Development and Maintenance

Policy Effective Date: April 19, 2010

Last Revision Date:  
(see revision history)

POLICY OBJECTIVE

The CSU Information Security policy provides direction and support for managing the acquisition, development and maintenance of CSU information systems.

POLICY STATEMENT

Campuses must integrate information security requirements into the software life cycle of information systems that contain protected data.  The security requirements must identify controls that are needed to ensure confidentiality, integrity, and availability.  These controls must be appropriate, cost-effective, and mitigate risks that may result from unauthorized access, use, disclosure, disruption, modification, or destruction of the protected data.

Benjamin F. Quillian
Executive Vice-Chancellor/Chief Financial Officer

Approved: April 19, 2010

APPLICABILITY AND AREAS OF RESPONSIBILITY

 

REVISION HISTORY

 

RESOURCES AND REFERENCE MATERIALS

Useful Guidelines:

 

Related Principles:

 

Sound Business Practices:

 

Laws, State Codes, Regulations and Mandates:

COGNIZANT OFFICE(S)

CO Manager:

Mr. William Perry
Chief Information Security Officer
CSU Office of the Chancellor
wperry@calstate.edu

Subject Expert:

Mr. William Perry
Chief Information Security Officer
CSU Office of the Chancellor
wperry@calstate.edu

Affinity Group:

 

Feedback/Questions/Comments