Skip to toolbar

Security Standards

Information Security Program

Established to meet the requirements of policy # 5250: Information Security, and guided by policies and standards from the state Office of the Chief Information Officer (OCIO), an information security program has been established at Bellevue College.  It is documented and maintained through individual college policies, procedures and security standards which address expected information security practices.  The program is administered by the vice-president of Information Technology Services (ITS) and his designees.

This information security program is undergoing an extensive revision during 2020, in which all policies, procedures, standards and processes are being examined and updated.  All standards are being converted to SOPs which are being posted here as they are approved .

Approved information security policies and procedures are posted on the college policies website.  This page contains a list of information security standards undergoing update which are still in progress.  When the update process is complete, this webpage listing former standards will be deleted.

If  you have concerns, suggestions or questions about the standards linked below as they are posted, please send an e-mail to the IT Compliance Manager.

Standard names will be removed from here once its SOP version is approved;  documents listed here are for reference only, pending approval.  This list is subject to change as updates are approved.


Operational Standards

These are established processes and expectations likely to be applicable to or of interest to general campus users.

  • 110 – Risk Assessment and Management
  • 320 – Information Security Manager
  • 420 – Employee Security Training
  • 505 – Equipment Inventory
  • 510- Electronic Media Disposal
  • 520 – Use of College Resources off-Campus
  • 605 – Web Space Usage
  • 615 – Web Information Accessibility
  • 620 – User Management
  • 625 – Security Privileges
  • 635 – Connecting Non-College Equipment
  • 640 – Portable Data Storage Devices
  • 655 – Mobile Computing Devices
  • 660 – Authentication Management
  • 670 – Administrative System Access
  • 680 – Social Engineering
  • 810 – Physical Security
  • 910 – Data Backup
  • 920 – Change Management
  • 930 – Software Management
  • 935 – Restricted Services and Applications
  • 1005 – Network Data Storage
  • 1060 – Video and Television Services
  • 1070 – Patch Management
  • 1095 – Remote Computer Servicing
  • 1110 – Technology Purchasing and Logistics
  • 1230 – Technology Partnerships
  • 1420 – Data Recovery
  • 1530 – Payment Card Security
Technical Standards
  • 120-T – Security Assessment (Technical)
  • 630-T – Data Management (Technical)
  • 655-T – Mobile Device Management (Technical)
  • 710-T – Encryption Tools and Protocols (Technical)
  • 915-T – System Logging and Audit (Technical)
  • 950-T – Virus and Malware Protection (Technical)
  • 1010-T – Network Printer Configuration (Technical)
  • 1015-T – Network Device Configuration and Management (Technical)
  • 1025-T – Computing System Configuration (Technical)
  • 1030-T – Electronic Mail Configuration (Technical)
  • 1035-T – Phone System Configuration (Technical)
  • 1040-T – Wireless Network Management (Technical)
  • 1045-T – Web Servers (Technical)
  • 1050-T – Remote Network Access Configuration (Technical)
  • 1055-T – SSH Configuration (Technical)
  • 1065-T – Firewall Change Management (Technical)
  • 1075-T – byRequest Configuration (Technical)
  • 1510-T – Payment Card Network Configuration (Technical)

Replaced security standards may be accessed at: https://commons.bellevuecollege.edu/itsecurity/old-standards/

Leave a Reply