Main Nav

Sincerely, Nicholas M. Tella Information Security Manager Information Security Services (ISS) Johnson & Wales University Nicholas.Tella@jwu.edu 401-598-3030 Sent from my iPad

Comments

When I worked in the Massachusetts State University System we were told by our attorneys that publishing the policy is enough to make people responsible and that requiring folks to sign off on it just gives them a potential legal excuse if they don't sign. 

FWIW.

 - Mark
--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.


Content-Type: text/html

We require an annual password change, and the process requires the acceptance of our usage policy. 

 

Message from eric.lukens@uni.edu

Along the same lines, I was wondering why the AUP got special recognition above many of the other policies. Shouldn't people have to acknowledge all the policies or at least all that are applicable to them? Such as the discrimination, harassment, procurements, conflict of interest, fire safety, injury reporting, public records, intellectual property, and so forth. Aren't those just as important? I know certain people in certain job duties must do annual training and acknowledgement per various regulations (PCI DSS, HIPAA, Mandatory Reporting of Child Abuse, etc). But for the typical campus student/employee/faculty, is there something special about the AUP? Are abuses of the AUP so rife and common that it requires more education and enforcement than the other policies, which are also likely just as ignored or abused? Should they rather be acknowledging the existence of your entire policy library and given a link to it? I'm not saying I have the answers to those questions, but I could see requiring acknowledgment of some policies but not others leading to other unintended consequences. -Eric Berman, Mark wrote: > When I worked in the Massachusetts State University System we were told > by our attorneys that publishing the policy is enough to make people > responsible and that requiring folks to sign off on it just gives them a > potential legal excuse if they *don't* sign. > > FWIW. > > - Mark > -- > Mark Berman, Chief Information Officer > Siena College > 515 Loudon Road > Loudonville, NY 12211 > (518)782-6957, Fax: (518)783-2590 > /*Siena College is a learning community advancing the ideals of a > liberal arts education, rooted in its identity as a Franciscan and > Catholic institution. > */ > /CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for > the sole use of the intended recipient(s) and may contain confidential > and privileged information. Any unauthorized review, use, disclosure, or > distribution is prohibited. If you received this e-mail and are not the > intended recipient, please inform the sender by e-mail reply and destroy > all copies of the original message./ > > > Content-Type: text/html > > We require an annual password change, and the process requires the > acceptance of our usage policy. > > > > *