Technology Support #1
1. A documented technology plan that includes electronic security measures (e.g., password protection, encryption, secure online or proctored exams, etc.) is in place and operational to ensure quality, in accordance with established standards and regulatory requirements.
Deficient Developing Accomplished Exemplary
Information security is governed by the San Jose State University Information Technology Services Policies and Standards which include the Data Center Standards . All users and departments are required to adhere to these policies and standards.
The School of Information implements processes to comply with these policies and extend their application to all aspects of the online program environment.
The School uses electronic security measures to protect personal data as well as resources that are restricted for use by the School's students and faculty.
Student and faculty access to Canvas, the course learning management system, and to MySJSU, the University’s student information system, is controlled with password protection. Authentication credentials are communicated via the secure https protocol. After an extended length of idle time, the systems automatically log out any user in order to prevent unauthorized access. All users are instructed to keep their logins private and not share them with others.
The School protects resources that are for use only by current students and staff through use of a Restricted Materials login. This login is changed each fall semester and spring semester. The username and password are provided to students by faculty members and academic advisors via secure means--usually within their Canvas sites.
The School of Information understands the critical need to protect user information and has implemented SSL encryption wherever possible in order to protect transmission of authentication information, and in several cases the user’s entire session is encrypted via SSL.
Canvas: All user sessions on Canvas are fully encrypted via SSL. The user’s entire browser session is encrypted, including all user interaction with discussion boards, messaging, online exams, file upload and sharing, and gradebooks.
MySJSU: Similarly, all user sessions on MySJSU, the University student information system, are fully encrypted. Faculty and student interaction with messaging, grades, financial aid, registration, and payments are fully protected via SSL. Faculty may securely send information to their students via the messaging system in MySJSU.
Zoom: Zoom offers end-to-end encryption for web conference meetings and group messaging. Users can select this option in their basic meeting settings. Information recorded during a Zoom Web Conferencing session is only available to the meeting host who may then decide to share it with others. Meeting hosts must be careful to avoid the accidental recording and distribution of sensitive information.
Logins to systems such as Canvas, Zoom, MySJSU, and to the Restricted Materials and library resources are encrypted via https.
The School's server security is protected through secure transmission of authentication credentials. Students and faculty who have accounts on these servers receive their logins via methods that ensure security. Initial passwords are created with a random password creation application and a system is in place to ensure deletion of the original communication of the login information.