Policies, Regulations, Standards, Best Practices, and Procedures
Long Beach City College’s information technology resources are subject to the district’s Board Policies, Administrative Regulations, Information Security Standards, Best Practices, and Procedures as well as all applicable Federal, State, and local laws.
Information Standards, Best Practices, and Procedures build one upon the other to create an integrated approach to managing the requirements set forth in Board Policy and Administrative Regulations.
Users of District information resources found to have violated Administrative Regulations may be subject to disciplinary action (Administrative Regulation 6006).
The following documents are posted for ease of reference.
Board Policy and Administrative Regulations
- Board Policy 6006: Computer, Telecommunications, and Classroom Technology Use
- Administrative Regulation 6006: Computer, Telecommunications, and Classroom Technology Use
- Administrative Procedure 5800: Prevention of Identify Theft in Student Financial Transactions
- Administrative Procedure 5040: Student Records, Directory Information, and Privacy
Information Security Standards (ISS)
Designed to support and enforce Administrative Regulations, Standards are baseline directives that can be linked directly to industry-recognized security frameworks.
- California Community College Information Security Standard
- Data Classification Standard
- Information Security Plan
Information Security Best Practices (ISBP)
Designed to augment Standards, Best Practices are industry-recognized methods and techniques that produce superior results to commonly accepted alternatives.
- Multi-Factor Authentication
- OneDrive: Managing Files, Folders, and Shares
- Passwords and Passphrases
- Working Remotely
Information Security Procedures (ISPR)
Procedures are the formal methods by which Regulations, Standards, or Best Practices are conducted.
- Accessibility Assessment for Information and Communication Technology (ICT)
- Disposal, Donation, and Transfer of Computer Equipment
- Incident Reporting
- Remediating PII in OneDrive
- Remediating PII in Outlook
- Requests for Information and Communication Technology (ICT)
- Sharing Files and Folders in OneDrive
- Vendor Risk Management
Compliance and Privacy
- The California Consumer Privacy Act (CCPA)
- The Gramm-Leach-Bliley Act (GLBA)
- The Family Education Rights and Privacy Act (FERPA)
Exceptions
Exceptions to information security requisites (regulations, standards, etc.) shall be granted only when (1) such a requirement imposes an undue burden on a specific business process, and (2) compensating controls of equitable protection can be provided.
If You See Something, Say Something
Cybersecurity is a shared responsibility. Please report all suspicious activity and unauthorized access to computers, software, and websites to the Office of Information Security
Protect your password
Administration Regulation 6006 specifically prohibits the sharing of login credentials. Never provide your password to anyone: not your coworker, not your boss, not IITS.
Don’t be a victim of phishing!
Forward all suspicious emails to Report a Phish. No one, not even IITS, should ask for your password or send emails or texts soliciting you to log in with your account. If someone does, they are phishing. If you do give your password to someone, immediately change it in the Viking Portal.