GPC Information Security Policies
The purpose of information security policies, standards, processes and procedures are to establish and maintain a standard of due care to prevent misuse or loss of GPC information assets. GPC information security policies are compulsory for all faculty members, staff, students, contractors and all other workers, unless explicitly exempted otherwise.
Policy provides management direction for information security based on business requirements, laws, and risks to the business, and administrative policies.
Standards are the specifications that contain measurable, mandatory rules to be applied to a process, technology, and/or action in support of a policy.
Procedures are the specific series of actions that are taken in order to comply with policies and standards.
Current GPC InfoSec Polices:
- Policy 600-Access Control
- 601 Anti-virus Software
- 602 Business Continuity and Disaster Recovery
- 603 Change Management
- 604 Configuration and Vulnerability Management
- 605 Data Backup and Recovery
- 606 Data Classification and Handling
- 607 Encryption Techniques
- 608 Enterprise Information Security Program
- 609 Information Security Awareness and Training
- 610 Information Security Incident Response
- 611 Information Security Roles and Responsibilities
- 612 Password Management
- 614 Physical and Environmental Security
- 615 Software Development Security
- 616 Virtual Private Network