March 12, 2025
Continuing our efforts to transform and protect IT at K-State
Submitted by Division of Information Technology
As we continue to transform our IT infrastructure and position K-State to protect against cybersecurity threats, we have been working with stakeholders across the institution to modernize and enhance our policies related to information technology.
Updating the IT policies is necessary to align the university’s practices in today’s digital world, enhance our IT cybersecurity posture and meet compliance standards and regulatory requirements.
Today, we are announcing new and enhanced policies that update our standards and practice, bringing alignment with state and national standards and established cybersecurity frameworks. The new and enhanced policies:
-
Acceptable Use Policy outlines the responsible and ethical use of the university’s information technology resources, emphasizing that these resources are provided to support the institution’s mission of education, research and service.
-
Access Management Policy ensures secure and appropriate access to the university’s information systems by granting permissions based on roles and responsibilities.
-
Data Classification and Storage Policy establishes a structured framework for categorizing and managing the university’s information to enhance effective access control and ensure compliance with applicable laws and regulations.
-
Data Privacy Policy outlines the university’s commitment to safeguarding personal information by establishing guidelines for collecting, using and protecting such data. The policy emphasizes adherence to applicable privacy laws and regulations, ensuring personal data is handled responsibly and securely to maintain individual privacy rights.
-
Data Use Policy ensures responsible access, use and sharing of university data to support academic, research and administrative excellence while safeguarding integrity and security.
-
Security Management Policy establishes the Information Security and Privacy Protection Programs, defining roles and responsibilities to maintain a safe and secure computing environment.
These policy changes reflect best practices in data security, aligning with current compliance standards like the Family Educational Rights and Privacy Act, or FERPA, the Gramm-Leach-Bliley Act, or GLBA, and Controlled Unclassified Information, or CUI. They create a foundation for secure access, data protection and responsible use, enabling the university to safeguard sensitive information while not overly restricting research and educational efforts. They allow the university to manage risks effectively and mitigate risks that could disrupt operations or lead to cybersecurity incidents. These new policies also establish a roadmap for ensuring that policies are continually updated and improved.
As part of the IT Transformation Initiative, these policies will guide how the university manages, supports and organizes IT infrastructure and services. The initiative aligns IT as a strategic partner with all academic and administrative units.
Thank you to the broad number of groups that provide input to get us to this point. Comment and input from college deans, the Academic Leadership Council, Data Governance Committee, Faculty Senate Committee on Technology, the Office of General Counsel and unit IT directors/leads significantly enhanced these policies to ensure they protect our IT infrastructure while ensuring that we continue to support our university mission.
As we continue to work together to strengthen K-State's IT infrastructure, policies and governance, we appreciate your continued partnership and support. Adapting to an ever-evolving technological landscape is no easy task. Still, these new and enhanced policies are one piece that will help K-State operationalize excellence in our IT space to ensure that we continue to set the standard for inspiring learning, creativity, discovery and engagement that positively impact society and transforms lives in Kansas and around the world.