SF State is committed to limiting the proliferation of sensitive data and maintaining the security of customer information, including payment cardholder information such as: payment card account number, expiration date, and payment cardholder verification number. To uphold this commitment, SF State follows the standards for protecting payment card information as required by merchant banks and the security controls required by the Payment Card Industry Data Security Standard (PCI-DSS).
This Practice Directive defines requirements for system change management for San Francisco State University-owned information technology systems, network resources (such as switches, routers and firewalls) and applications.
All information technology systems, network resources and applications owned by San Francisco State University will be administered according to a documented and management approved change control process.
This Practice Directive defines requirements for applications (including software on appliances) developed or deployed (whether on or off-campus) for San Francisco State. This applies to technology purchased, obtained at no cost or custom developed (in-house or by third-parties).
This Practice Directive provides direction and support for managing access to SF State information assets and guidance for granting access to SF State information assets, separating duties of individuals who have access to SF State information assets, conducting reviews of access rights to SF State information assets and modifying users' access rights to SF State information assets.
The P-Card should be the primary means to obtain approved supplies costing $2,500 or less per transaction (including tax and shipping). Cardholders are encouraged to use the Procurement Card for such purchases to achieve cost savings for the university and improve processing time. Use of the P-Card reduces the traditional and labor intensive procurement process for these types of purchases.
SF State University promotes communication among all members of the University community and the public that it serves. To enhance communication, the University is committed to maintaining an online directory that contains current contact information of all current SF State faculty and staff.
Passwords are an important aspect of computer systems security. They are typically the first line of protection for user accounts. A poorly chosen password may result in a serious breach in network and systems security resulting in loss or exposure of SF State Confidential Data and system compromise.
The purpose of this Practice Directive is to ensure devices are running operating systems that can be maintained securely to comply with CSU and SF State regulations regarding security of information, and to protect SF State Confidential data.