Procedures 5.23.2 and 5.23.3 for Review Due August 19, 2016

SENT ON BEHALF OF Ramon Padilla Jr.


In April as part of the five year cycle pursuant to Board Policy 1A.1 Minnesota State Colleges and Universities and Administration, Part 6, Subpart H, periodic review,

5.22       Acceptable use of computers and information technology resources passed through the review process and is now awaiting Board of Trustee approval.  This policy will be on the October and November board agendas.

The remaining procedures and guidelines are being sent out for comment and should be viewed as a package called information security data classification.  A diagram is attached to help you navigate through the related procedures and guidelines.  This information security data classification package is a foundational piece of our information security policy and procedure set.  Almost everything about information security revolves around data; who “owns” it, the rules and regulations that apply to it, who cares for it, and what kind of controls need to be put in place to ensure its safekeeping.  These procedures and guidelines do exactly that – they explicitly define the parameters around data and how we must care for it.  Additionally, they also give us our first foundational pieces of data governance.

Comments regarding the procedures and guidelines are welcome.  Please note that the information security controls guideline is VERY technical.  I am happy to report that there is “an app for that” already developed and the guideline was created to show the thought process that drives the app. I am happy to say that for any system that needs controls to be evaluated, it is only a 7 question process in the app to get the resulting controls.

Procedure and Guideline needing Review:

5.23.2                    Data Security Classification Procedure                Data Security Classification Guideline

5.23.3.                   Information Security Requirements & Controls Procedure                Information Security Controls Guideline

Comments can be left on the SharePoint site.

Link to document: System Procedure 5.23.2 and 5.23.3

COMMENT CLOSING DATE: August 19, 2016 end of business day.

If you are unable to access the site or have problems submitting comments in that manner, please contact


Ramon Padilla Jr.

Vice Chancellor and Chief Information Officer

Minnesota State Colleges & Universities

30 7th Street East, Suite 350

St. Paul, MN 55101


Christine Benner, Assistant | | 651-201-1462 |

Leave a Reply

Up ↑

%d bloggers like this: