Policies, Regulations, Standards, Best Practices, and Procedures
Long Beach City College’s information technology resources are subject to the district’s Board Policies, Administrative Procedures, Information Security Standards, Best Practices, and IT Procedures as well as all applicable Federal, State, and local laws.
Information Standards, Best Practices, and Procedures build one upon the other to create an integrated approach to managing the requirements set forth in Board Policy and Administrative Procedures.
Users of District information resources found to have violated Administrative Procedures may be subject to disciplinary action (AP 3720 – Computer and Network Use).
The following documents are posted for ease of reference.
Board Policy and Administrative Procedures
- BP 3720 - Computer and Network User
- AP 3720 – Computer and Network Use
- AP 3725 - Accessibility of Information and Communication Technology (ICT)
- AP 5800 - Prevention of Identify Theft in Student Financial Transactions
- AP 5040 - Student Records, Directory Information, and Privacy
Information Security Standards (ISS)
Designed to support and enforce Administrative Procedures, Standards are baseline directives that can be linked directly to industry-recognized security frameworks.
- California Community College Information Security Standard
- Data Classification Standard
- Information Security Plan
- Access Control
- Disaster Recovery
- Incident Response
- Security Awareness Training
- Vulnerability Management
Information Security Best Practices (ISBP)
Designed to augment Standards, Best Practices are industry-recognized methods and techniques that produce superior results to commonly accepted alternatives.
- Multi-Factor Authentication
- OneDrive: Managing Files, Folders, and Shares
- Passwords and Passphrases
- Working Remotely
Information Security Procedures (ISPR)
Procedures are the formal methods by which Procedures, Standards, or Best Practices are conducted.
- Accessibility Assessment for Information and Communication Technology (ICT)
- Disposal, Donation, and Transfer of Computer Equipment
- Incident Reporting
- Remediating PII in OneDrive
- Remediating PII in Outlook
- Requests for Information and Communication Technology (ICT)
- Sharing Files and Folders in OneDrive
- Vendor Risk Management
Compliance and Privacy
- The California Consumer Privacy Act (CCPA)
- The Gramm-Leach-Bliley Act (GLBA)
- The Family Education Rights and Privacy Act (FERPA)
Exceptions
Exceptions to information security requisites (procedures, standards, etc.) shall be granted only when (1) such a requirement imposes an undue burden on a specific business process, and (2) compensating controls of equitable protection can be provided.
If You See Something, Say Something
Cybersecurity is a shared responsibility. Please report all suspicious activity and unauthorized access to computers, software, and websites to the Office of Information Security.
If you are looking to report a potential crime or similar non-emergency situation, please refer to the Police & Campus Safety website.
Protect your password
Administrative Procedure 3720 specifically prohibits the sharing of login credentials. Never provide your password to anyone: not your coworker, not your boss, not even ITS.
Don’t be a victim of phishing!
Forward all suspicious emails to Report a Phish. No one, not even ITS, should ask for your password or send emails or texts soliciting you to log in with your account. If someone does, they are phishing. If you do give your password to someone, immediately change it in the Viking Portal.