INFORMATION AND COMMUNICATION TECHNOLOGIES DIVISION

Information Security and Privacy Policy

Imagen de una persona sosteniendo un computador

INTRODUCTION

PSPI

The University, understanding the importance of proper information management, is committed to the implementation of a model of security and privacy of information in order to establish a framework of trust in the exercise of its duties to the State and citizens, framed in strict compliance with the laws, internal regulations and in accordance with the mission and vision of the institution, in order to ensure the integrity, confidentiality and availability of institutional information, its information assets and the information of the members of the university community.

This policy was approved by Rector’s Resolution No. 1674 of November 14, 2023, and is effective as of the date of issuance.

The information security and privacy policies must be maintained, reviewed, approved and updated annually by the Rectory and the Institutional Management and Performance Committee.

Information Security and Privacy Policy

OBJECTIVES

PSPI

The University focuses the objectives of the Information Security and Privacy Model on the protection of physical and digital information, seeking to achieve high levels of quality and excellence in its work, reducing the impact generated on its assets by the risks identified systematically, to ensure the implementation of the principles of integrity, confidentiality and availability of the same, according to the needs of the different processes, services, information systems and stakeholders identified.

The management of information security and privacy for the Universidad Industrial de Santander will be determined by the following objectives:

  • Comply with the principles of information security and administrative function.
  • Maintain security levels that provide the confidence of internal stakeholders (teachers, administrators, students) and external (graduates, pensioners, government agencies, productive sector, suppliers and citizens in general).
  • Perform an integral management of risks associated with the information and its information assets.
  • Articulate the management and preservation of information with the instruments of transparency and access to public information, such as: Inventory of Information Assets, Index of Classified and Reserved Information, Access Control Tables, among others.
  • Apply the information life cycle through archival instruments such as the Documentary Retention Tables TRD and Documentary Valuation Tables TVD.
  • Support technological innovation.
  • To carry out information migration processes that guarantee the disposition in the face of technological obsolescence.
  • Establish policies, procedures and instructions on information security.
  • Establish roles and responsibilities for the implementation of the Information Security Management System.
  • Strengthen the information security culture in the university community.
  • Guarantee the continuity of processes and services in case of incidents.
  • Define, implement, operate and continuously improve a security model, supported by clear guidelines aligned to the needs of its work, and regulatory requirements.

Level of

Compliance

This policy applies to the entire internal university community (professors, administrative staff, students) and external community (graduates, pensioners, governmental entities, productive sector, suppliers, academic allies and citizens in general), to the processes and information technologies, including the University’s hardware and software.

All persons covered by the scope and applicability must comply with all security policies and procedures that ensure the application of the principles of confidentiality, integrity and availability of information, under penalty of incurring in violations that may result in disciplinary, criminal, administrative and other consequences, in accordance with the applicable legislation in force.

Roles and

Responsibilities

The UIS by means of Agreement 034 of 2019 of the Superior Council approved the creation of the Institutional Management and Performance Committee “…instance in which issues related to institutional management will be discussed within the framework of the Integrated Model of Planning and Management – MIPG…”among them “to accompany the implementation of online government in relation to its impact on document and information management. “The Rector is also empowered ‘as the highest executive authority of the University to define and adopt the other aspects related to the implementation and operation of the Integrated Planning and Management Model – MIPG…’.

In correspondence to the above, the University establishes through the present document of information security policies, that:

The person responsible for the security and privacy of the University’s information will be any person who is a member of any internal or external interest group, for a proper implementation, adoption and correct application of the guidelines contained in the policies, according to their role, will abide by the stipulations in Table I. Roles and responsibilities in information security at the UIS.

Imagen de una mano donde flota un candado que representa la seguridad

Guidelines

PSPI

  •  Every person belonging to an internal or external stakeholder will be assigned some degree of responsibility for information security.
  • In order to protect the information generated, processed or safeguarded by the University, controls will be established to mitigate the risks generated by the access granted to external stakeholders.
  • It is necessary to apply controls that mitigate the incorrect use of the information created, processed, transmitted or safeguarded by the University, according to the classification of the information owned or in custody.
  • It is essential to protect the processing facilities and the technological infrastructure that supports critical processes.
  • The operation of processes must be controlled to ensure the security of technological resources and data networks.
  • Access controls should be implemented for information, systems, network resources and e-mails, considering stakeholders.
  • Security should be an integral part of the information systems life cycle.
  • Security events must be properly managed.
  • It is necessary to guarantee the continuity of the operation based on the impact that events may generate.
  • Compliance with legal, regulatory and contractual obligations must be guaranteed.

DO YOU NEED MORE INFORMATION?

Contact us

Information and Communication Technologies Division

Telephone: +57 (607) 634 4000

Extension: 2161 – 1247

Email: dtic@uis.edu.co

Central Campus UIS

Bucaramanga, Santander

Carrera 27 calle 9 

CENTIC

Icono del horario de atención
Icono del horario de atención

Office Hours:

Monday – Friday

7:00 a.m. to 12:00 m.

2:00 p.m. to 5:00 p.m.

Skip to content