8.2 Information Security Program

Overview: The College operates and maintains an Information Security Program ("ISP") to ensure the confidentiality, integrity, and availability of college data, based on classification, and those related information systems and services that are necessary to the support of the mission of the college and the students while maintaining compliance with local, State, and federal standards, policies, and laws.  The College uses the Statewide Information Security Manual published by the North Carolina Department of Information Technology as the principal cybersecurity framework for a system-wide information security and risk management program.  The College's use shall be consistent with the provisions of the State Board Code.

Cybersecurity Incidents: The College shall not submit payment or otherwise communicate with an entity that has engaged in a cybersecurity incident on an information technology system by encrypting data and then subsequently offering to decrypt that data in exchange for a ransom payment.  Consistent with State law, the College consults with the North Carolina Department of Information Technology regarding cybersecurity incidents.