Over the past two decades, several data security standards have emerged from new or modified federal and state regulations. Some data security standards cover specific topics, such as financial institutions, health information, or credit card transactions, while others are more general in nature and apply to securing any form of confidential data. For each new data security standard, the University must evaluate whether it conducts any business processes that apply to the new data security standard. If so, the Univeristy is required to comply with the new standard. When compliance is required, Cal State LA creates an Information Security Program.
The purposes of the Information Security Programs are to:
- Notify the campus of the data security standard.
- Identify the campus constituents who must participate in the program.
- Assign administrative responsibility for the program.
- Outline compliance requirements of the data security standard.
- Define the campus-specific steps that constituents must follow to comply with the data security standard.
- Inform constituents of all required self-assessments, test, reports, questionnaires, certifications, and the like that may be required on an annual or semi-annual basis.
Following are the University Information Security Programs currently in place: