Information Technology and Data Governance

I. PREAMBLE

Information is a sacred trust. In a world of noise and confusion, Atlas University is called to preserve truth through disciplined data stewardship. The University’s technology infrastructure, networks, and digital archives serve as instruments for learning, research, and covenantal communication. Their security and integrity are therefore acts of worship and guardianship.

II. PURPOSE

This Policy governs all information systems, digital assets, and data management practices at Atlas University. Its objectives are to:

  1. Protect institutional and personal data from loss, misuse, or unauthorized access.

  2. Define ethical and legal standards for technology use.

  3. Ensure compliance with FERPA, GLBA, HIPAA (where applicable), and the Florida Information Protection Act (FIPA).

  4. Provide a framework for digital governance, cybersecurity, and infrastructure planning.

III. ADMINISTRATIVE AUTHORITY

  • PresidentExecutive authority over all information systems and digital governance.

  • Chief Information Officer (CIO)Directs technology strategy, operations, and cybersecurity.

  • Director of Information Systems (DIS)Manages infrastructure, networks, and user services.

  • Registrar / Director of ComplianceOversees FERPA compliance and student data protection.

  • Data Governance Committee (DGC)Cross-departmental advisory body ensuring data integrity and ethical standards.

IV. INFORMATION SYSTEMS FRAMEWORK

Atlas University maintains a comprehensive digital ecosystem composed of:

  • Atlas Learning Platform (ALP) – secure online learning and communication system.

  • Atlas Digital Library (ADL) – centralized academic and research database.

  • Atlas Portal – unified login for students, faculty, and staff.

  • Enterprise Resource Planning (ERP) – integrated financial, HR, and student information systems.

All systems operate under a unified security and identity management architecture.

V. ACCEPTABLE USE POLICY (AUP)

  1. Technology resources are provided for educational, research, and administrative purposes only.

  2. Users shall:

    • Use accounts responsibly and safeguard passwords.

    • Comply with all laws and University policies.

    • Respect intellectual property and copyright laws.

    • Avoid accessing, creating, or transmitting offensive, defamatory, or immoral material.

  3. Prohibited activities include:

    • Unauthorized network scanning or hacking.

    • Use of systems for personal profit or illegal acts.

    • Distribution of malware or spam.

    • Tampering with University data or systems.

  4. Violation of AUP may result in suspension of access, disciplinary action, or legal prosecution.

VI. DATA CLASSIFICATION AND OWNERSHIP

All data held by Atlas University are classified into three categories:

CategoryDescriptionCustodianInstitutional DataFinancial, academic, and operational data owned by the University.CFO / RegistrarConfidential DataPersonally identifiable information (PII), student records, medical or counseling data.Registrar / HR DirectorPublic DataInformation intended for public dissemination (press releases, website).Communications Director

Ownership: All data produced or stored using University resources is property of Atlas University, Inc.

VII. DATA PRIVACY AND PROTECTION

  1. FERPA Compliance: Student education records protected; disclosure only with written consent or lawful exception.

  2. HIPAA / Health Data: Medical information stored under HIPAA standards in secured health-system databases.

  3. Encryption: All confidential data encrypted in transit and at rest using AES-256 or equivalent.

  4. Access Control:

    • Role-based access enforced across systems.

    • Annual review of user permissions.

  5. Breach Notification: In case of data breach, the University will comply with FIPA, notifying affected individuals within 30 days and relevant state authorities.

  6. Data Retention: As defined in the Records Management Policy; minimum seven-year retention for core institutional data.

VIII. CYBERSECURITY POLICY

  1. Network Security: Firewalls, intrusion detection, and anti-malware systems maintained and updated continuously.

  2. Authentication: Multi-factor authentication (MFA) required for all administrative access.

  3. Incident Response Plan:

    • Led by CIO and Chief Safety Officer.

    • Immediate containment, investigation, and notification procedures.

    • Annual tabletop drills and simulations.

  4. Vulnerability Management: Quarterly penetration testing and patch management protocols.

  5. Backups: Daily automated backups; encrypted copies stored off-site.

  6. Personal Devices: Bring-Your-Own-Device (BYOD) permitted only under mobile device management (MDM) policy.

IX. DIGITAL COMMUNICATIONS

  1. Official Email: All correspondence regarding University business must be conducted via official Atlas email accounts.

  2. Monitoring: University reserves the right to monitor and audit network traffic for security and compliance purposes.

  3. Social Media: Employees and students representing the University online must do so respectfully and truthfully, upholding institutional values.

X. DATA GOVERNANCE COMMITTEE (DGC)

  1. Composition: CIO (Chair), Registrar, CFO, Provost, Legal Counsel, and one Faculty Representative.

  2. Responsibilities:

    • Approve policies related to data access and sharing.

    • Monitor compliance with privacy laws and ethical standards.

    • Oversee data lifecycle management.

    • Publish annual Data Governance Report.

XI. DIGITAL ARCHIVES AND PRESERVATION

  1. Research data, publications, and institutional documents stored in the Atlas Evidence Repository (AER).

  2. Metadata standards based on Dublin Core and ISO 15489.

  3. Long-term preservation supported by redundant digital storage and checksum verification.

XII. TECHNOLOGY ACQUISITION AND LICENSING

  1. All hardware, software, and IT services must be procured through the CIO and CFO.

  2. Open-source solutions encouraged when secure and supportable.

  3. Software licenses maintained in central registry; compliance audits performed annually.

XIII. TRAINING AND USER EDUCATION

  1. All faculty, staff, and students must complete annual training in:

    • Cybersecurity awareness

    • FERPA compliance

    • Ethical digital conduct

  2. Certification tracked by HR and recorded in the Atlas Learning Platform.

XIV. COMPLIANCE MONITORING AND AUDIT

  1. Annual IT audit conducted by the Internal Auditor or external firm.

  2. Findings reported to the Board Finance and Governance Committees.

  3. Noncompliance addressed within 60 days of report issuance.

XV. REVIEW AND AMENDMENT

This Policy shall be reviewed annually by the CIO and Data Governance Committee, approved by the President, and ratified by the Board of Trustees.