Information security is everyone's job at Brockport, not just a select few. We have adopted basic practices for safeguarding customer information that we expect every employee to follow.
Main Page Content
If you observe practices in your area that do not live up to these standards, you should first speak with a supervisor. If the matter is not resolved, please contact the information security staff in LITS.
We have adopted enhanced practices for certain types of sensitive information.
In order to accept credit cards, the College must meet the Data Security Standards set by the Payment Card Industry. We have adopted policies for the protection of credit card information.
Secure Destruction of Electronic Devices
Library, Information and Technology Services is charged with responsibility for the entire lifecycle of College-owned technology devices, such as computers, cell phones and other digital storage devices (USB drives). Technology that is end-of-life should be sent to LITS so that its digital content will be destroyed prior to the recycling of the physical media.
In order to safeguard our systems, we establish password practices and standards which serve to uniquely identify our staff. Be sure to keep your passwords safe and secret at all times.
Document Retention and Information Security
The College operates under a document retention and disposition policy which ensures we retain information only as long as we have a legitimate business or regulatory need for it. We cannot lose information which we no longer possess, so all staff should familiarize themselves with these practices and understand how they applie to their professional responsibilities.
Information Security Staff
The College has appointed the Collegewide Information Security Oversight Committee to coordinate overall information security efforts. If you have any questions or need assistance please reach out to our Information Systems Security Coordinator at InfoSec@brockport.edu.
Office 365 Email
Did someone complain to you that their email message was rejected by Microsoft? If so, please let them know that they may need to contact Microsoft to be "delisted". The easiest way to make this request is to complete the following form.
Data Risk Classification
We are committed to protecting college owned electronic information. That is why we are starting a program that will allow us to follow data classification standards. These standards will allow us to identify risk levels. Normally, data risk classifications consist of three categories: low risk, moderate risk, and high risk.
|Low Risk||Moderate Risk||High Risk|
Before processing, transmitting, or storing high risk information, please verify that the software or service you are using is authorized. Please feel free to call the Information Security department at extension 5072 for further clarification.