Information Security Policy

Information Security Policy

Business Professionals Education Centre (BPEC) believes that the valuable information that BPEC produces and has been given stewardship over should be protected from serious threats. Risks to information’s confidentiality, integrity and availability should be addressed and appropriate effort taken to reduce harm and negative impacts of these risks to BPEC and its constituents. This policy addresses information security risk by establishing an information security data framework and related responsibilities.

Information security is the discipline of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This goal is commonly expressed as protecting the confidentiality, integrity, and availability of information.

Information security enables safe sharing of information. This is accomplished by making necessary and appropriate information available to authorized people. Information security is a responsibility shared by all and, therefore, must be cultivated and infused into the life and culture of BPEC. The information security concepts articulated by this policy are meant to be consistent with information security best practices and institution obligations, both contractual and regulatory.

Users are responsible for protecting information resources by adhering to institution policies and exercising good judgment in the protection of information resources. Users may only access and use information for which they have been given authorization or that their job duties require. Users must also follow information usage procedures, standards and guidelines established by Information Owners, Stewards, or the Information Security Officer.

Users must alert BPEC of misuse, mishandling, or abuse of information. Non-compliance with this policy could lead to disciplinary action.

Private Information is the responsibility of the information creator. Confidential information and community information is the responsibility of an upper level management representative. In order to execute these responsibilities, the Information Owner may delegate particular responsibilities to Information Stewards.

Violations of this policy will be handled consistent by the institution disciplinary procedures applicable to the relevant persons or departments. BPEC may temporarily suspend, block or restrict access to information and network resources in order to protect the integrity, security, or functionality of Institution resources or to protect BPEC from liability. BPEC may routinely monitor network traffic to assure the continued integrity and security of Institution resources in accordance with applicable Institution policies and laws. BPEC may also refer suspected violations of applicable law to appropriate law enforcement agencies.