Administrative Unit
Information Security and Privacy Policy
INTRODUCTION PSPI
The University, understanding the importance of proper information management, is committed to implementing an information security and privacy model aimed at establishing a framework of trust in the exercise of its duties before the State and citizens, within strict compliance with the law, internal regulations, and in accordance with the institution’s mission and vision, in order to guarantee the integrity, confidentiality, and availability of institutional information, its information assets, and the information of the members of its university community.
This policy was approved through Rector’s Resolution No. 1674 of November 14, 2023, and entered into force as of the date of issuance.
The information security and privacy policies must be preserved, reviewed, approved, and updated annually by the Rector’s Office and the Institutional Committee for Management and Performance.
Information Security and Privacy Policies
The University directs the objectives of the Information Security and Privacy Model toward the protection of physical and digital information, seeking to achieve high levels of quality and excellence in its daily operations, reducing the impact generated on its assets by systematically identified risks, in order to ensure the implementation of the principles of integrity, confidentiality, and availability of such information, according to the needs of the different processes, services, information systems, and identified stakeholder groups.
The management of information security and privacy at Universidad Industrial de Santander shall be guided by the following objectives:
- Comply with the principles of information security and the administrative function.
- Maintain security levels that provide confidence to internal stakeholders (faculty, administrative staff, students) and external stakeholders (graduates, retirees, government entities, productive sector, suppliers, and the general public).
- Carry out comprehensive risk management associated with information and its information assets.
- Coordinate the management and preservation of information with transparency and public access to information instruments, such as: Information Assets Inventory, Classified and Reserved Information Index, Control Tables for Access, among others.
- Apply the information lifecycle through archival instruments such as the Document Retention Tables (TRD) and Documentary Valuation Tables (TVD).
- Support technological innovation.
- Carry out information migration processes that ensure availability in the face of technological obsolescence.
- Establish policies, procedures, and instructions regarding information security.
- Define roles and responsibilities for the implementation of the Information Security Management System.
- Strengthen the culture of information security within the university community.
- Ensure the continuity of processes and services in the event of incidents.
- Define, implement, operate, and continuously improve a security model supported by clear guidelines aligned with institutional needs and regulatory requirements.
Level of Compliance
This policy applies to the entire internal university community (faculty, administrative staff, students) and external stakeholders (graduates, retirees, government entities, productive sector, suppliers, academic partners, and the general public), as well as to information technology processes, including the University’s hardware and software.
All persons covered by the scope and applicability of this policy must comply fully with the security policies and procedures that ensure the application of the principles of confidentiality, integrity, and availability of information, under penalty of incurring violations that may result in disciplinary, criminal, or administrative consequences, among others, in accordance with the applicable legislation in force.
Level of Compliance
UIS, through Agreement 034 of 2019 of the Higher Council, approved the creation of the Institutional Committee for Management and Performance “…the body in which issues related to institutional management within the framework of the Integrated Planning and Management Model – MIPG – will be discussed…” among them, “to support the implementation of government guidelines regarding the impact of this on records management and information management”; likewise, it empowered the Rector “as the highest executive authority of the University to define and adopt the other aspects related to the implementation and operation of the Integrated Planning and Management Model – MIPG…”.
In accordance with the above, the University establishes through this Information Security Policy document that:
The person responsible for the University’s information security and privacy shall be any person belonging to an internal or external stakeholder group, who shall ensure the proper implementation, adoption, and correct application of the guidelines contained in the policies, according to their role, as stated in Table I. Roles and Responsibilities in Information Security at UIS.
GUIDELINES PSPI
- Every person belonging to an internal or external stakeholder group shall be assigned some degree of responsibility regarding information security.
- To protect the information generated, processed, or safeguarded by the University, controls shall be established to mitigate risks arising from the access granted to members of internal stakeholder groups.
- It is necessary to apply controls that mitigate the improper use of information created, processed, transmitted, or safeguarded by the University, according to the classification of the information under its ownership or custody.
- It is essential to protect data processing facilities and the technological infrastructure that supports critical processes.
- The operation of processes must be controlled by guaranteeing the security of technological resources and data networks.
- Controls for access to information, systems, network resources, and email accounts must be implemented, taking into account stakeholder groups.
- Security must be an integral part of the lifecycle of information systems.
- Security events must be managed appropriately.
- It is necessary to guarantee operational continuity based on the impact that events may generate.
- Compliance with established legal, regulatory, and contractual obligations must be ensured.
Would you like more information?
Contact Us
Division of Information and Communication Technologies – DTIC
Phone: +57 (607) 634 4000
Extension: 2161 – 1247
Email: dtic@uis.edu.co
Campus Central UIS
Bucaramanga, Santander
Carrera 27 calle 9
Edificio administración 2, primer piso
Office Hours
Monday to Friday
7:00 a. m. – noon
2:00 p. m. – 5:00 p. m.