May 20, 2026  
Policies 
    
  Catalog Home

  Academic Affairs
  Administrative Organization
  Business and Finance (Includes Plant Operations)
  College Advancement and Public Relations
  Economic and Workforce Development
  General Information
  Organizational Culture and Engagement
  Institutional Effectiveness, Research, and Planning
  Purpose, Values and Mission
  Student Affairs
  System of Governance
  TCAT
  Technology Division
  Title IX

  08:30:00 Approval of Technology Resources
  02:45:00 Awarding Posthumous Academic Credentials
  My Portfolio
HELP
Policies

Technology Division

08:15:00 Security Incident Response
 

 

  1. Introduction and Purpose  
    1. To safeguard the College’s digital assets and maintain the integrity of institutional operations, Chattanooga State must effectively identify, respond to, and recover from security incidents. This policy establishes the governance framework for managing actual or suspected compromises of information technology resources and data, ensuring compliance with TBR Guideline B-080. 
  2. Scope  
    1. This policy applies to all technology resources owned or operated by the College and all institutional data, regardless of the medium or location. It covers all faculty, staff, students, contractors, and guests accessing the College network. 
  3. Definition of a Security Incident  
    1. A security incident is defined as any actual or suspected event that: 
      1. Violates the College’s technology policies or standard security practices. 
      2. Compromises the confidentiality, integrity, or availability of institutional data. 
      3. Jeopardizes the functionality of the College’s IT infrastructure. 
  4. Reporting Obligation 
    1. User Responsibility: Any authorized user who suspects an IT security incident-such as a lost mobile device containing College data, unauthorized account access, or a potential malware infection-has a mandatory obligation to report the event immediately to the Technology Division. 
    2. Confidentiality: Security incident reports are considered confidential and shall be shared only on a need-to-know basis to protect the integrity of the investigation. 
  5. Authority and Response Governance 
    1. System Isolation: The Technology Division is authorized to immediately isolate any system or disconnect any device from the network that poses an active threat to institutional security or performance. 
    2. Resource Impoundment: In support of TBR Guideline B-080, the Technology Division is authorized to take possession of any hardware or storage media necessary to perform a technical investigation or to maintain a litigation hold. 
    3. External Reporting: In accordance with TBR mandates, the College must report confirmed or suspected unauthorized acquisitions of computerized data to System-wide Internal Audit within five (5) working days. 
  6. Enforcement  
    1. Failure to report a known security incident or intentional interference with a security investigation may result in the immediate suspension of IT access and further disciplinary action in accordance with employee or student handbooks. 

                                                                                                                       

Submitted to Policy Review Committee on March 2, 2026

Submitted to Policy Review Board on April 13, 2026

Approved by Policy Review Board on April 29, 2026

 

Previous Version: 

Submitted to Policy Review Committee on October 24, 2018

Submitted to Policy Review Board on November 30, 2018

Approved by Policy Review Board on December 6, 2018