This section contains standards decided upon by the College that have aspects applicable to InfoSec. Its pages cover topics such as 'how long to store documents, and after what age do we destroy them', 'Data Classification defined', and more. Many of the standards listed here are also contained in the General Procedures manual, the Data Standards Manual, or other locations. These InfoSec-specific standards are grouped here for ease of discovery.
Standards vs. Policy vs. Procedures
Policies define the College leadership's stance on topics ranging from acceptable risk, to appropriate usage of College-owned electronics, to the potential repercussions of abuse of College resources. Procedures are instruction sets detailing how to perform a process required for the College to operate, and they should be written so as not to conflict with the College's policies. Standards are 'agreed ways of doing things'. To become a standard, a documented standard must be reviewed by the appropriate College leadership and accepted as such. A standard differs from a policy in that it does not require approval by the Board of Directors. Standards apply to operational controls and processes, and may or may not have a corresponding policy defining repercussions for circumventing standards, intentionally or otherwise.