1. Purpose

    To ensure all full- and part-time employees of Winston-Salem State University and all third parties, contractors, volunteers, or vendors are aware of, understand, and fulfill their responsibilities in regards to information security responsibilities and requirements for the University’s computing environments that they access.
  2. Prior to employment
    1. Screening/Background Checks

      Prospective employees who receive an offer of employment will be vetted via a background check including a criminal background investigation.
    2. Acceptable Use of Computing & Information Resources Policy

      Prior to access granted to University information resources, full- and part-time employees and all third parties, contractors, volunteers, or vendors who use WSSU’s information technology resources have read and accepted the terms of the policy. Proof of employee acceptance and acknowledgment will be maintained by the Office of Information Technology.
  3. During employment
    1. Management Responsibilities

      Management should ensure that all employees and contractors are aware of and fulfill their information security responsibilities.
    2. Security Awareness Training

      All University employees will receive security awareness education and training when first employed and at least annually thereafter, in addition to any specific training associated with job responsibilities and employee roles.
    3. Disciplinary Process

      Employee disciplinary processes will include applicable provisions to cover any egregious violations of approved information security policies or requirements.
  4. Termination and change of employment
    1. Termination of Employment

      Access to University information resources, work areas, and processing facilities will be revoked, and assets returned upon full termination of employment with University.
    2. Change of Employment

      Access to University information resources will be provisioned upon proper authorization and/or supervision and will be revoked when access is no longer appropriate.