Integrated Technology Services Procedures
Integrated Technology Services provides access to the college network, email, and myLakerLink.
- All Integrated Technology Services Department access requests for the college network, email, or myLakerLink will be requested in writing using the ITS department.
- The employee’s supervisor or the student worker’s department supervisor must sign all access requests.
- Any requests not signed by the appropriate supervisor will be returned to the requestor.
Integrated Technology Services has determined that it is not subject to the reporting requirements of CALEA (Communications Assistance for Law Enforcement Act) because:
- Southwestern maintains a private network for the use of students, faculty and administrators. College workstations, network accounts and wireless network access require authentication with a college issued user ID and password. There are some limited exceptions in the Library where some workstations are available for public use during the open hours of the Library.
- Southwestern does not support the connection from our private network to the public internet. We purchase ISP services from ORCA Communications which provides the connection to the public internet.
Compliance with the Gramm-Leach-Bliley Act. This document summarizes Southwestern Oregon Community College’s (the “Institution’s”) comprehensive written information security program (the “Program”) mandated by the Federal Trade Commission’s Safeguards Rule and the Gramm – Leach – Bliley Act (“GLBA”). In particular, this document describes the Program elements pursuant to which the Institution intends to (i) ensure the security and confidentiality of covered records, (ii) protect against any anticipated threats or hazards to the security of such records, and (iii) protect against the unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience to customers. The Program incorporates by reference the Institution’s policies and procedures enumerated below, and is in addition to any institutional policies and procedures that may be required pursuant to other federal and state laws and regulations, including, without limitation, FERPA.
- The Institution’s Director of Integrated Technology Services is designated as the Program Officer who shall be responsible for coordinating and overseeing the Program. The Program Officer may designate other representatives of the Institution to oversee and coordinate particular elements of the Program. Any questions regarding the implementation of the Program or the interpretation of this document should be directed to the Program Officer or his or her designees.
- The Program applies to any record containing nonpublic financial information about a student or other third party who has a relationship with the Institution, whether in paper, electronic or other form that is handled or maintained by or on behalf of the Institution or its affiliates. For these purposes, the term nonpublic financial information shall mean any information (i) a student or other third party provides in order to obtain a financial service from the Institution, (ii) about a student or other third party resulting from any transaction with the Institution involving a financial service, or (iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person.
- Elements of the Program:
- Risk Identification and Assessment. The Institution intends, as part of the Program, to undertake to identify and assess external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information. In implementing the Program, the Program Officer will establish procedures for identifying and assessing such risks in each relevant area of the Institution’s operations, including:
- Employee training and management. The Program Officer will coordinate with representatives in the Institution’s Human Resources and Student Financial Services Offices to evaluate the effectiveness of the Institution’s procedures and practices relating to access to and use of student records, including financial aid information. This evaluation will include assessing the effectiveness of the Institution’s current policies and procedures in this area, including labor union and public information request processing. The evaluation will also include office management and confidentiality of student records, retention of such records, and integrity of imaged documents.
- Information Systems and Information Processing and Disposal. The Program Officer will coordinate with representatives of the Institution’s Integrated Technology Services Department to assess the risks to nonpublic financial information associated with the Institution’s information systems, including network and software design, information processing, and the storage, transmission and disposal of nonpublic financial information. This evaluation will include assessing the Institution’s current policies and procedures relating to Appropriate Use and Records Management. The Program Officer will also coordinate with the Institution’s Integrated Technology Services Department to assess procedures for monitoring potential information security threats associated with software systems and for updating such systems by, among other things, implementing patches or other software fixes designed to deal with known security flaws.
- Detecting, Preventing and Responding to Attacks. The Program Officer will oversee and implement the data breach Incident Response Plan.
- Designing and Implementing Safeguards. The risk assessment and analysis described above shall apply to all methods of handling or disposing of nonpublic financial information, whether in electronic, paper or other form. The Program Officer will, on a regular basis, implement safeguards to control the risks identified through such assessments and to regularly test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures.
- Overseeing Service Providers. The Program Officer shall coordinate with those responsible for the third party service procurement activities among the Integrated Technology Services Department and other affected departments to raise awareness of, and to institute methods for, selecting and retaining only those service providers that are capable of maintaining appropriate safeguards for nonpublic financial information of students and other third parties to which they will have access. In addition, the Program Officer will work with the college legal counsel to develop and incorporate standard, contractual protections applicable to third party service providers, which will require such providers to implement and maintain appropriate safeguards. Any deviation from these standard provisions will require the approval of the college legal counsel. These standards shall apply to all existing and future contracts entered into with such third party service providers, provided that amendments to contracts entered into prior to June 24, 2002 are not required to be effective until May 2004.
- Adjustments to Program. The Program Officer is responsible for evaluating and adjusting the Program based on the risk identification and assessment activities undertaken pursuant to the Program, as well as any material changes to the Institution’s operations or other circumstances that may have a material impact on the Program.
Compliance with the list steps and responsibilities will help safeguard personal information accessed and stored on college systems. Employees who do not comply with these procedures may be subject to the college’s disciplinary system up to and including termination.
Technology-related HEOA Compliance
The Higher Education Opportunity Act of 2008 (HEOA) includes three requirements for addressing illegal peer-to-peer file sharing of copyrighted material by those using campus networks. Southwestern Oregon Community College will be required to 1) inform students annually they may be subject to criminal and civil penalties if they engage in illegal distribution of copyrighted materials and describe the steps being taken to detect and punish such activity, 2) certify to the Secretary of Education that the institution has plans to effectively combat unauthorized distribution of copyrighted material, and 3) offer alternatives to illegal file sharing.
Southwestern Oregon Community College complies with these requirements as follows:
- Publishes warnings online, in print, and in presentations that students who violate copyright laws may be subject to disciplinary action by the College as well as prosecution under state and federal guidelines.
- Our Student Housing team annually discloses this information to students through distribution of a brochure that defines copyright law, details College rules for file sharing, and lists legal alternatives for acquiring copyrighted materials.
- The Student Handbook clearly addresses file sharing and copyright use.
- Integrated Technology Services monitors network activity and utilizes network traffic shaping and appliances specifically for stopping illegal file sharing and copyright use to certify to the Secretary of Education that we effectively combat illegal file sharing at Southwestern Oregon Community College.
Campus Resources and Communications:
The ITS department will schedule regular server maintenance, which is expected to disrupt services, during the interval between Monday at 1 AM to 5 AM. During this interval, there may be extended periods when servers, and the services they provide, may not be available.
High priority server maintenance may be performed at any time with appropriate notice to the campus community or affected users.
The purpose of Southwestern Oregon Community College websites are to support the mission of the college and to promote the college’s programs and services.
Website Development at SWOCC
Southwestern Oregon Community College makes every effort to maintain an active web presence that is available to current & future students, community, alumni, faculty, staff and the public in general seeking information about SWOCC.
To ensure consistency throughout the SWOCC website, all web site development is directed through the Integrated Technology Services Department’s Web System Administrator.
If you need assistance developing a website or need help with an existing website, please contact the Web System Administrator. The Integrated Technologies Services Department asks that all requested services be posted to HelpBox.
HelpBox - Integrated Technology Services maintains HelpBox on our Intranet (secure) to log all job requests that come into the department.
CMS (Joomla) Training – If you have a site developed with the new CMS and would liked to be trained on how to maintain the content for your website or for your department, please contact the Web System Specialist to schedule an appointment.
Web System Administrator
If you need a website developed, you’ve come to the right place. We’ll outline the steps in getting started to help you through the process.
- HelpBox - Log your request in HelpBox.
- Schedule a meeting - We’ll contact you to schedule a meeting to discuss your web development project.
- Time Frame - We’ll do our best to estimate a target date for completion.
- Layout / Design – If your project requires something unique from the rest of the website, we’ll work up a mockup of the layout in a graphical format for you to view.
- Content Development – You will be responsible for developing your own content in your area of expertise. We can give you some tips on content development for the web. Please create in Word and email them to us.
- Photos – If you have photos that you want on your pages, they must be in digital format and emailed.
- Development Stage – We will be in contact with you during the entire development stage. A lot of communication will be emailed to you. You must be able to respond in a timely manner. After the initial structure of the website is online, you’ll be asked to view it for changes and approval.
- Completion – After all details are completed and you have approved the site, you’ll be asked to proof it again before site launched. That’s it – the site will be launched!
- Training – Someone in your department or you may be trained to update the site content. There will be a time scheduled for this.
Frequently Asked Questions
- Why do we need to have the Web System Administrator design a website for our department? For consistency and making sure that the website is standards compliant, we’ll set up the initial site. You may want to have training on our new CMS so that you can keep the content current. We reserve the right to have the final say in the design and layout of the website.
- I designed my own web pages; can I have access to your web server? At this time the ITS department is using a CMS in which all of the Southwestern websites will be built upon. All content editors will update their website through the CMS and no one will have ftp without special consideration or approval from the ITS staff.
- I designed my own web pages and bought my own domain name, can you link it to the SWOCC website?
We will not link program websites designed outside of the SWOCC template. Domains many expire and could become hacked. They could also be taken over by another business or enterprise that SWOCC may not want to be affiliated with. The socc.edu domain name is also an important tool in branding that supports the SWOCC marketing efforts.
What are Web Standards?
The W3C has set some guidelines and recommendations for developing websites. By building sites with web standards, the web becomes a better place. Consistency in web development means cross browser support, future compatibility, accessible to people with disabilities, search engines can index sites easier and many other benefits. (See below for resources that outline the benefits of building a standards complaint website.)
Web Standards are very import to us. For this reason newly developed websites on our web server as well as the new SWOCC site, are written in HTML5/CSS3 which is the current recommendation by the W3C.
What are the benefits of Web Standards?
Consistent Look and Feel
We are currently redesigning the new SWOCC website and bringing it up to date with the most current web standards. We have designed consistent templates that will be used throughout the site. Some will be different than others, but they will be consistent and blend with the rest of the new website. These templates are developed with table-less layouts using HTML5 and CSS3 (Cascading Style Sheets) to separate presentation from content. This makes it easier to update the site as well.
Content Management System (CMS)
Joomla is an award-winning content management system (CMS), which enabled us to build our college websites with powerful online applications. We chose Joomla because it's open source (free to anyone) and for its ease-of-use and extensibility.
As we are developing a new website built upon our new CMS platform, we will be training content editors in various departments to maintain the web content that they are responsible for. After initial website setup, editors will be chosen and trained to update the content. The training can take place in only 1 hour’s time. Many content editors will enjoy using the CMS and be responsible for their own content.
Building a Standards Compliant website helps to make the web pages more accessible to people with disabilities. Southwestern has moved toward greater accessibility to our students with disabilities as well as the general public.