Policies
Welcome to Farmingdale State College’s Policy Library. This library is the official repository for all institutional policies and procedures and is intended to be a resource for faculty, staff and students seeking information related to the policies that govern the institution. This library does not contain department-specific policies and procedures. Please contact the department for specific departmental policies and procedures.
Please direct all questions regarding policy content to the Responsible Office listed on the respective policy.
If you wish to propose or amend an institutional policy, please review the Policy for Developing Institutional Policies and complete the Policy Proposal Form.
For assistance with drafting and amending policies, please refer to the Policy Writing Guidance and/or contact the Risk and Compliance Office at 934-420-5365.
Information Security Policy
Policy Purpose
To establish an institutional commitment and expectation to uphold an Information Security Program and require adherence to the Program’s security requirements.
Persons Affected
Faculty, Staff, Students, Third Parties
Policy Statement
Farmingdale State College has established and maintains an Information Security Program (ISP) that provides the structure, safeguards, and direction necessary to protect college data and support our mission. The SUNY Information Security Policy 6900 has been adopted as the minimum baseline for the Information Security Program – with a commitment to meet or, in certain cases, exceed this standard. As part of the establishment of the Information Security Program, a designated, qualified individual with relevant expertise in information security, within the Information Technology department, will serve as the Information Security Program Lead.
Farmingdale State College is committed to protecting the confidentiality, integrity, and availability of college data and the systems that handle it, and to complying with applicable legal and regulatory requirements. As such, the Information Security Program will include administrative, technical, and operational safeguards appropriate to the size and complexity of the institution and the sensitivity of its information.
The college must maintain a set of information security policies that aid in addressing the ISP’s requirements. Any policies implemented to address the ISP’s requirements must adhere to the overarching principles and requirements set forth in the SUNY system's Information Security Policy and the SUNY IT Standards, while addressing the specific needs, challenges, and risk landscapes of the college. These policies must not supersede any applicable laws or regulations.
As part of the ISP, the college will conduct an annual risk assessment to evaluate risks to college operations, assets, and information. Risk assessments will also be performed in alignment with applicable relevant conditions, directives and college requirements as needed.
Roles and Responsibilities
Oversight
The Information Security Program Lead and the Executive Vice President for Administration & Finance are primarily responsible for the oversight of the Information Security Program.
Governance
The Information Security Program Lead is responsible for directing the governance of the ISP. Such responsibilities include the selection and implementation of administrative controls, such as college policies, in support of risk management that align with the college’s unique strategies, goals, operational objectives, and risk profile.
The Program Lead may delegate specific activities to qualified designees, working groups, or service providers, while retaining overall responsibility for governance.
Operations
The Information Security Program Lead, in conjunction with Information Technology, is primarily responsible for selection and implementation of the ISP’s technical and operational controls. The Information Security Program Lead will prepare a written report to be provided to the college’s executive leadership for review and comment on an annual basis.
Compliance
The Information Security Program Lead and the Executive Vice President for Administration & Finance are primarily responsible for enforcement.
Vice Presidents are responsible for the compliance of their divisions with this policy, related college policies, and the overarching ISP’s controls. All members of the college’s community, including individual departments, are responsible for adhering to applicable college policies and security controls. This includes the responsibility for safeguarding the information they create, manage, or own.
Instances of non-compliance will be addressed on a case-by-case basis. All cases will be documented and notifications sent to responsible parties. These notices will include recommendations for corrective action. A reasonable period of time, depending on the level of exposure and criticality of the resource, will be stipulated for implementing corrective action. Follow-up review(s) will determine the subsequent degree of compliance. Failure to meet compliance requirements may result in sanctions.
Nothing in this section is intended to be an impediment in responding to a security incident.
Exceptions
Exceptions to the Information Security Program are permitted on a case-by-case basis. Review of exception requests must be performed by the Information Security Program Lead and the Executive Vice President for Administration & Finance. Upon review, a risk assessment of the exception must be performed to determine the risks associated with each request. Exceptions must be documented and retained for record keeping.
Responsible Office
Information Technology
Policy History
Revised: October 23, 2025