University Policies

Government Regulation Compliance Policy

Information Technology Services
Information Technology Services

Government regulation affects a wide range of core Worcester State business activities. The primary purpose of regulation is to protect consumers, however, it also benefits industry by providing consistent standards and practices to which all must adhere. It is incumbent on all staff to ensure regulatory compliance, and information systems security plays a prominent role in that process. Failure to comply could expose the University to a range of serious consequences including litigation, loss of revenue, loss of market share, and loss of public trust and confidence.

All Worcester State information and information system protection solutions must comply with all applicable government laws, regulations, and directives. [e.g. 201CMR(17), FERPA, HEOA, etc.]

  • Worcester State must evaluate its information system assets relative to government regulation and compliance to ascertain what data and resources require protection, their criticality, and the appropriate protection mechanisms.
  • Protection solutions must directly address:
    • Confidentiality, integrity, authenticity, and availability of information assets.
    • Control and accountability for system and information asset access.