As a member institution of the Minnesota State Colleges and Universities system (Minnstate), Century adheres to all MinnState security policies, procedures, and operating instructions, which may be found here and are enumerated below:
5.22 - Acceptable Use of Computers and Information Technology Resources
- System Procedure 5.22.1 - Acceptable Use of Computers and Information Technology Resources
- System Procedure 5.22.2 - Cellular and Other Mobile Computing Devices
5.23 - Security and Privacy of Information Resources
- Operating Instruction 5.23.1.1 - Password Usage and Handling
- Operating Instruction 5.23.1.2 - Encryption for Mobile Computing and Storage Devices
- Operating Instruction 5.23.1.3 - Data Sanitization
- Operating Instruction 5.23.1.4 - Information Security Incident Response
- Operating Instruction 5.23.1.5 - Security Patch Management
- Operating Instruction 5.23.1.6 - Vulnerability Scanning
- Operating Instruction 5.23.1.8 - Anti-malware Installation and Management
- Operating Instruction 5.23.1.10 - Payment Card Industry - Technical Requirements
- Operating Instruction 5.23.1.11 - Data Backup
- Operating Instruction 5.23.1.13 - Breach Notification
- Operating Instruction 5.23.1.14 - Review of Third Party Vendors
- System Procedure 5.23.2 Data Security Classification
Operating Instruction 5.23.2.1 Data Security Classification - System Procedure 5.23.3 Information Security Requirements and Controls
Operating Instruction 5.23.3.1 Information Security Controls
Additionally, as a system, we have adopted ISO 27001 and 27002 as our information security standards. The most recent Century information security operating plan includes a focus on Vulnerability Management, Application Software Security, Data Classification and Inventory, Secure Network Engineering, and Controlled Use of Admin Privileges with annual metrics collected, analyzed and updated based on results.