1. (5) A documented technology plan that includes electronic security measures (e.g., password protection, encryption, secure online or proctored exams, etc.) is in place and operational to ensure quality standards, adherence to FERPA, and the integrity and validity of information.
Not Observed Insufficient Moderate Use Meets Criterion Completely
The University’s Information Technology Acceptable Use Policy specifies guiding principles, policy applications, provisions, and consequences of non-compliance. The Information Technology Systems Acceptable Use Policy provides additional guidelines. San Jose State University is in the process of updating its policies to ensure compliance with Federal, State, and CSU policy regarding the securing of university data. The new policy will include policies, standards, and training on PCI, HIPPA, FERPA, and the ICSUAM 8000 series.
The School of Library and Information Science implements processes to comply with these policies and extend their application to all aspects of the online program environment.
The School uses electronic security measures to protect personal data as well as resources that are restricted for use by SLIS students and faculty.
Student and faculty access to Desire2Learn, the course learning management system, and to MySJSU, the University’s student information system, is controlled with password protection. Authentication credentials are communicated via the secure https protocol. After an extended length of idle time, the systems automatically log out any user in order to prevent unauthorized access. All users are instructed to keep their logins private and not share them with others.
The School protects resources that are for use only by current students and staff through use of the SLIS Restricted Materials login. This login is changed each fall semester and spring semester. The username and password are provided to students by faculty members and academic advisors via secure means--usually within their D2L sites.
SLIS understands the critical need to protect user information and has implemented SSL encryption wherever possible in order to protect transmission of authentication information, and in several cases the user’s entire session is encrypted via SSL.
D2L: All user sessions on Desire2Learn are fully encrypted via SSL. The user’s entire browser session is encrypted, including all user interaction with discussion boards, messaging, online exams, file upload and sharing, and gradebooks.
MySJSU: Similarly, all user sessions on MySJSU, the University student information system, are fully encrypted. Faculty and student interaction with messaging, grades, financial aid, registration, and payments are fully protected via SSL. Faculty may securely send information to their students via the messaging system in MySJSU.
Collaborate: All synchronous Web Conferencing sessions held via Blackboard Collaborate are fully encrypted via SSL. Information discussed or transmitted during a Collaborate Web Conferencing session is protected and only accessible to the participants, although instructors must be careful to avoid the accidental recording of sensitive information.
Blackboard IM: All text messages are encrypted. Other communications such as application sharing, video, and voice are not encrypted. We recommend that users move into a fully-encrypted Collaborate web conferencing session when secure sessions are needed with these tools.
Logins to systems such as D2L, Collaborate, MySJSU, and to the SLIS Restricted Materials and library resources are encrypted via https.
SLIS server security is protected through secure transmission of authentication credentials. Students and faculty who have accounts on these servers receive their logins via methods that ensure security. Initial passwords are created with a random password creation application and a system is in place to ensure deletion of the original communication of the login information.