Purpose
To provide Pomona College with guidance in developing and implementing the appropriate protective safeguards to ensure the confidentiality, integrity, and availability of Pomona College assets and information.
Policy
Pomona College’s information, data, and records are managed in a manner consistent with Pomona College’s risk strategy to protect the confidentiality, integrity, and availability of the assets. Data security controls are submitted to Pomona College senior leadership for review and approval, and include a cost-benefit analysis to inform the executive staff in their risk strategy decisions.
Summary
- Data security controls are submitted to Pomona College senior leadership for review and approval
- Data security controls will include a cost-benefit analysis to inform the executive staff in their risk strategy decisions
- Pomona College employs cryptographic controls in accordance with applicable Federal and State laws, regulations and standards
- Pomona College system that requires protection includes but is not limited to configuration settings, intrusion detection and prevention, various logs and password databases
- Pomona College protects the confidentiality and integrity of sensitive data by using cryptographic mechanisms
- Pomona College applies full disk encryption to all Pomona College-owned laptops, mobile devices and desktop workstations
- Backups are encrypted (at rest)
- Pomona College recommends that students enable full disk encryption on their personal devices
- All transportable media is also encrypted
- Papers containing confidential information must not be left out in public view and must be properly destroyed when no longer needed
- Pomona College hardware and software assets are documented, tracked, and managed through inventory management
- Faculty and staff status is tracked and managed by Human Resources and the Dean of the College
- Student documentation is managed by Admissions, Registrar’s Office, the Dean of Students and the Advancement Office depending upon student status
- Prior to disposal, sanitization techniques are applied to media
- Pomona College ensures that there is adequate capacity to provide availability of its systems
- Pomona College employs reasonable and appropriate methods for data loss prevention
Data Security Policy Details [pdf]