• No results found

Standard: and Campus Communication

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Standard: and Campus Communication"

Copied!
9
0
0

Loading.... (view fulltext now)

Download now ( 9 Page )

Full text

(1)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 1

Information Security Standards

Email and Campus Communication

Standard #

IS-ECC Effective Date TBD Email [email protected]

Version 2.0 Contact Mike Cook Phone 408-924-1705

Standard: Email and Campus

Communication

(2)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 2

Executive Summary

The Email and Campus Communication standard defines the requirements for how SJSU’s email and other forms of electronic communication should be used for employees and students. This standard of due care will help prevent the unauthorized loss of or destruction of sensitive campus information that is transmitted through email and other modes of communication. Workers must restrict their electronic communications to business matters.

(3)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 3

Revision History

Date Action

5/27/2014 Draft sent to Mike

12/1/2014 Reviewed. Content suggestions. Added comments. Hien Huynh

(4)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 4

Table of Contents

Executive Summary ... 2

Introduction and Purpose ... 6

Scope ... 6

Standard ... 6

Compliance to Email Standards ... 6

Email Retention Standard ... 6

Electronic Mail Communication for Employees ... 6

Employees must use university email address ... 6

People without university email address ... 6

Refusal to service non SJSU addresses ... 6

Faculty and Staff sending email to students ... 6

Electronic Mail Communication for Students ... 7

Official University Communications will use SJSU address ... 7

Email forwarding ... 7

Responsibility for lost and deleted emails ... 7

Retention of important University documents ... 7

Electronic Mail Communications Security ... 7

Electronic Marketing Material Source ... 7

Inappropriate Electronic Mail Messages ... 7

Electronic Mail Privacy ... 7

Electronic Mail Encryption ... 7

Electronic Mail Message Monitoring Approval ... 7

Electronic Mail Modification ... 8

Centralized Control over Electronic Mail Systems ... 8

Bulk Electronic Mail ... 8

All Campus, All Students, All Staff Emails ... 8

Sending Unsolicited Electronic Mail ... 8

Distributing SJSU Information via Blogs ... 8

Electronic Mail Attachments ... 8

Unexpected Electronic Mail Attachments ... 8

All Mail Servers Must Run Approved Spam-Filtering Software ... 8

Responding to Spam Messages ... 8

No Specific Information in Automated Electronic Replies ... 9

Instant Messaging ... 9

(5)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 5

Telepresence Video Conferencing ... 9

Approved Telepresence video conferencing application... 9

Web Conferencing ... 9

Approved Web Conferencing application ... 9

(6)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 6

Introduction and Purpose

The Email and Campus Communication standard defines the requirements for how SJSU email and other forms of electronic communication should be used for employees and students. This standard of due care will help prevent the unauthorized loss of or destruction of sensitive campus information that is transmitted through email and other modes of communication.

Scope

This standard applies to all SJSU State, Self-Fund, and Auxiliary (“campus”) email users with a “sjsu.edu” or “mlml.calstate.edu” email address. The information covered in this standard includes, but is not limited to, information that is either transmitted or shared via electronic mail, instant messaging, video conferencing, or collaboration technologies.

Standard

Compliance to Email Standards

Email Retention Standard

Specific requirements for the storage and deletion of email is specified in the Email Retention Standard. For more information, refer to the SJSU “Email Retention Standard” [1].

Electronic Mail Communication for Employees

Employees must use university email address

Any university employee must use their “sjsu” email address while conducting university business. University employees include faculty, staff, and administration. In order to maintain FERPA compliance, faculty shall not communicate with students via non university email addresses nor shall they forward university communications to a personal address.

People without university email address

Any auxiliary or other person needing a “sjsu” email address should be entered into the proper system as a person of interest, by contacting Human Resources for more information.

Refusal to service non SJSU addresses

IT services may refuse to service customers using non “sjsu” email addresses.

Faculty and Staff sending email to students

All faculty and staff must use the student’s “sjsu” email address when sending email to students, especially sensitive information such as financial transactions or student records including assignments, grades, and other information pertaining to the student’s record.

(7)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 7

Electronic Mail Communication for Students

Official University Communications will use SJSU address

All official university communications will be delivered to employees and students at their “sjsu” email address. Official communications from administration and the president will go to SJSU email addresses only. It is the recipients responsibility to check their email regularly and respond to official communications as necessary.

Email forwarding

If the student wishes to use another address for campus communication, then they need to sign in and forward it to their other address.

Responsibility for lost and deleted emails

Users are responsible for any lost and deleted emails, including their email retention settings. Users are responsible for deleting old messages that are no longer needed. It is important to understand that when the user’s mailbox is full, it might automatically delete previous messages in order to accept new ones. IT services does not have the ability to restore messages that have been deleted by the 3rd party provider.

Retention of important University documents

Email should not be the sole mechanism for retaining important university documents. Students are encouraged to extract any important attachments from their email onto their hard drive on a regular basis for safe keeping.

Electronic Mail Communications Security

Information involved in electronic messaging should be appropriately protected.

Electronic Marketing Material Source

All marketing materials sent through electronic mail must include an accurate return address and must provide clear and explicit instructions permitting recipients to quickly be removed from the distribution list.

Inappropriate Electronic Mail Messages

Workers must not create and send, or even forward, any externally-provided electronic mail messages that may be considered to be harassing in nature, or that may contribute to the perception of a hostile work environment.

Electronic Mail Privacy

Electronic mail is considered by SJSU to be private information, and must therefore be handled as a private and direct communication between a sender and a recipient.

Electronic Mail Encryption

All sensitive information including, but not limited to, credit card numbers, passwords, and research and development information must be encrypted when transmitted through electronic mail. Currently this option is not available in the 3rd party email system. All sensitive data must be encrypted prior to uploading as an attachment in email and must not be contained in the message body.

Electronic Mail Message Monitoring Approval

Email administrators must only access another users account in strict compliance with ICSUAM8105.

(8)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 8

Electronic Mail Modification

Workers must not modify, forge, or remove any information appearing anywhere in an electronic mail message including the body of the message or the header.

Centralized Control over Electronic Mail Systems

Centralized control over both inbound and outbound electronic mail will be provided by the Information Technology Department. All SJSU electronic mail must flow through systems established, operated, and maintained by that same department. All on-campus systems which send email externally must do through an SMPT relay server controlled by IT Services.

Bulk Electronic Mail

Workers must not use SJSU computer systems for the transmission of any type of unsolicited bulk electronic mail advertisements or commercial messages that are likely to trigger complaints from the recipients.

All Campus, All Students, All Staff Emails

Emails to complete campus constituent groups shall be sent only with Vice Presidential

approval. These messages are not to be for the purposes of marketing or event announcement. IT Services shall provide a regulated system for the purpose of official mass communication, which must be capable of messaging each constituent group and synchronized with the Common Management System. Cabinet shall control access and utilization of this tool.

Sending Unsolicited Electronic Mail

Users must not send uninvited or unsolicited electronic mail (also known as spam) to a large number of recipients. This includes commercial advertisements, charitable solicitations, questionnaires/surveys, chain letters, and political statements.

Distributing SJSU Information via Blogs

Workers must not publish or otherwise communicate any SJSU internal information on the Internet, or in any other public forum, unless this public disclosure has first been approved by University Advancement. Such publishing includes, but is not limited to, weblogs (blogs), Internet discussion groups, social networks, and personal web pages. Further guidance about what information may be publicly released can be found in the Information Classification Policy.

Electronic Mail Attachments

Workers must not open electronic mail attachments unless they were expected from a known and trusted sender, and these attachments have been scanned by an approved anti-virus software package.

Unexpected Electronic Mail Attachments

Users who receive an unexpected attachment to an electronic mail message that does not have a credible business-related explanation must not open the attachment until they obtain a

believable explanation from the sender.

All Mail Servers Must Run Approved Spam-Filtering Software

All SJSU mail servers must run the latest version of spam-filtering software approved by IT Services.

Responding to Spam Messages

To keep spam to a minimum, users must refrain from responding in any way to spam and must not purchase anything advertised in spam.

(9)

S A N J O S É S T A T E U N I V E R S I T Y

DRAFT --- Friday, August 14, 2015 Page 9

No Specific Information in Automated Electronic Replies

Automated electronic mail replies should not include specific information, such as names and contact information for campus personnel that could be used to gain access to sensitive data.

Instant Messaging

Transmission of sensitive information using IM

IM should not be used for communication of sensitive level 1 or level 2 confidential information, including confidential information contained in files. For more information on data classification, refer to the SJSU “Security Standard for Information Classification and Handling” [2].

Telepresence Video Conferencing

Approved Telepresence video conferencing application

Campus users and students must use the official approved Telepresence vendor and applications for campus communication.

Web Conferencing

Approved Web Conferencing application

Campus users and students must use the official approved web conferencing solution application for campus communication.

More Information

[1] San Jose State University: “Email Retention”

References

Download now ( PDF - 9 Page - 145.64 KB )

Related documents

Dear Prospective Bride and Groom:

It is the responsibility of the Bride and Groom to be certain this policy is understood and followed by all members of the wedding party and those who service

Government Bond Secondary Market Liquidity: Seven Basic Requirements

• Facilitate the development of OTC derivatives • Enhance bond (cash) and OTC market liquidity • Reduce systemic risk. • Lower

Preservation and sustainabili ty of asphalt pavements

of asphalt pavements of asphalt pavements >> ASPHALTS >> QUALITY CONTROL >> PAVEMENT MANAGEMENT >> ENVIRONMENTAL IMPACT >> EMULSIONS >>

The GDPR and the research exemption: considerations on the necessary safeguards for research biobanks

The WMA Taipei Declaration seeks to regulate health databases and biobanks and provides more details on the requirements for consent: participants have to be informed about the

Tavistock and Portman E-PRINTS Online

The senior manage- ment attempts (with different success rates) to create culture change through the Messiah discourse, but complain that the government is so anxious about its

TILLGES CERTIFIED ORTHOTIC PROSTHETIC INC. TILLGES CERTIFIED ORTHOTIC PROSTHETIC INC.

Indication: Recommended for the immobilization, treatment and rehabilitation of stable cervical spine injuries resulting from trauma or degenerative disease and following

GL Data Logger

Instead, specify the location (CDROM). If a generic driver gets, or has been previously installed, it must be uninstalled before proceeding by using the Add or Remove Programs

Performance evaluation of WWW conference system for supporting remote mental healthcare education

In Figure 4 is shown an example of the relation between the video stream and channel number in the point-to-point conference.. This conference uses two video streams in each