This section contains standards decided upon by the College that have aspects applicable to InfoSec. Pages containing information regarding such topics as 'how long to store documents, and after what age do we destroy them', 'Data Classification defined', and more. Many of the standards listed here are also contained in the General Procedures manual, the Data Standards Manual, or even other locations. These InfoSec specific standards are grouped here for ease of discovery.
Standards vs. Policy vs. Procedures
Policies define the College's leadership's stance on topics varying from acceptable risk, to
appropriate usage of College owned electronics, and the potential repercussions of
abuse of College resources. Procedures are instruction sets detailing how to perform a process required for the College to
operate, and these procedures should be written as not to conflict with the College's
policies. Standards are 'agreed ways of doing things'. To become a standard, a documented standard must
be reviewed by the appropriate College leadership and accepted as such. This differs
from a policy, as it does not require Board of Director's approval. Standards apply
to operational controls and processes, and may or may not have coinciding policy defining
repercussions for circumventing standards intentionally or otherwise.