Governance Policy

Purpose

To provide Pomona College with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable Pomona College to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

Pomona College develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support Pomona College’s regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.

Summary

  • Pomona College develops and maintains information security policies that have been approved by senior leadership to provide guidance.
  • These policies address the security controls that protect the information systems, information and assets.
  • Pomona College will assign security roles, coordinating with internal roles and external partners as necessary.
  • The Security Officer is responsible for bringing risk management recommendations to executive staff.
  • The executive staff approves security policies, risk tolerance, risk mitigation and management.
  • Among the regulations requiring specific cybersecurity measures are those covering payment card data, FERPA, GLBA, FTC and California security breach notification statutes.

Governance Policy Details [pdf]