2 Purpose

The purpose of this plan is to ensure the confidentiality, integrity, and availability of data, define, develop, and document the information policies and procedures that support University goals and objectives, and to allow the University to satisfy its legal and ethical responsibilities with regard to its IT resources.

Information security policies and procedures represent the foundation for the University’s ISP. Information security policies serve as overarching guidelines for the use, management, and implementation of information security throughout Michigan Tech.

Internal controls provide a system of checks and balances intended to identify irregularities, prevent waste, fraud and abuse from occurring, and assist in resolving discrepancies that are accidentally introduced in the operations of the business. When consistently applied throughout the University, these policies and procedures assure that information technology resources are protected from a range of threats in order to ensure business continuity and maximize the return on investments of business interests.

This plan reflects Michigan Tech’s commitment to stewardship of sensitive personal information and critical business information, in acknowledgement of the many threats to information security and the importance of protecting the privacy of University constituents, safeguarding vital business information, and fulfilling legal obligations. This plan will be reviewed and updated at least once a year or when the environment changes.