Information Technology Management Policy

Decree of the Senate of the HS Georgia N12

April 17, 2019

Approved:

Academic Board of April 13, 2018

Protocol No. 2

changes:

April 17, 2019 of the Senate of HS Georgia

Protocol N3 (Decree N12)

Information Technology Management Policy

Tbilisi

Article 1. General provisions

1.1. This document defines Information Technology Management Policy, Information Technology Management Procedures, Information Technology Infrastructure and Development Mechanisms in Higher Educational Institutions (hereinafter – GE Georgia) LTD. Administrative activities and educational process, e-learning system of learning process management and rules for administering administration.

1.2. Their protection is mandatory for all persons who use the information technologies and resources of the higher education institution in their administrative, academic or student activities.

1.3. The higher education institute of Registry and Information Technology is obliged to comply with the rules set by the Georgian legislation regarding the protection of Intellectual Property, Information Technology Security and Personal Information.

Chapter I. Information Technology Management Policy

Article 2. Objectives of Information Technology Management Policy

2.1. Information security policy provides the establishment of information security control mechanisms of the higher education institution.

2.2. The areas of information security policy are:

A) Higher education institution of Georgia;

B) bases and information in the higher education institution;

C) persons who use information systems or administer their administration;

D) Persons carrying out basic data and information.

2.3. Policy defines:

A) the protection of the higher education in terms of confidentiality, integrity and accessibility of information;

B) Responsibilities for information security.

Article 3. Physical Security

3.1. The higher education institution controls the availability of unauthorized access to information assets, prevention, abduction or damage.

3.2. It is mandatory to provide computer systems and networks with physical, technical, procedural and environmental control mechanisms.

3.3. The higher education system carries out physical access to devices that contain or process high critical and / or sensitivity information. Such devices are located in a physically protected location.

Article 4. Information Security Incidents

4.1. The higher education institution is responsible for identifying security incidents which implies the study, description and adequate reaction of each incident.

4.2. Persons who are responsible for the functioning of the Information Technology System of the Higher Education periodically report the information in accordance with the information security incidents, their sources (internal, external), along with recommendations for correcting and optimization.

Article 5. Planning of the new IT management system

5.1. In the process of planning and implementation of systems, technical and functional systems of systems should be taken into account in order not to delay the functioning of critical systems.

Article 6. Management of communications, control of harmful programs and protection from viruses

6.1. The higher education institution carries out constant control over information processing equipment to ensure their proper and safe use.

6.2. To avoid the use of harmful or fraudulent programs it is necessary to control critical systems.

6.3. The higher education system conducts adequate control to avoid the spread of viruses, both inside and outside the institution.

Article 7. Management of computer network

7.1. The higher education institution is the physical and wireless network addresses of the computers and devices that belong to the higher education institution in advance in a router that grants the address to the selected address.

7.2. Such devices that do not belong to the higher education institution and use the wireless network of wifi (wifi), use a special dedicated network that allows you to access only the categories of the selected web pages that are pre-selected.

Article 8. Safety of IT management systems in the process of testing and creation

8.1. Systems are tested in isolated environments to ensure vital critical systems to be protected from mistreatment and / or damage.

8.2. The strategy developed and the functioning of the business should ensure the reduction of the risk of unexpected breakdown in the process of processing the higher education institution and timely restoration.

8.3. In case of failure of the main router, the reserve router will be activated for ten minutes after the end of the result.

Chapter II. Electronic system of educational process management system of higher education

Article 9. Description of the learning process management system

9.1. The educational process management system of the Higher Education ensures the educational and administrative activities of the higher education institution, supporting the existing processes, communication, information processing and protection.

9.2. General Functions of the System:

A) Automation of the learning process of higher education institution;

B) automation of financial module;

C) electronic documenting.

9.3. The system uses cryptography, where encrypted passwords (administrators, professors / teachers, students) are encrypted.

9.4. System users:

A) administration;

B) professor / teacher;

C) student.

Article 10. Security of Information Technology Management System

10.1. The system code is written to a specially localized server where the new module is added to the system after the checked code is uploaded to the main server;

10.2. The action logs are stored on the server, with the following data: author of action, time of action, executed action, address;

10.3. In case of major server failures, automatically reserve a backup server, which replicates the main server;

10.4. System data is stored automatically.

Article 11. Mechanisms for Information Technology Management System Development

11.1. The existing network infrastructure of the higher education system is arranged with modern standards. Higher education is constantly cared for in case of change of standards, the existing infrastructure will be in compliance with the new standard. To ensure the optimization of information resources and ongoing processes to monitor the monitoring processes in a constant manner.

11.2. The existing learning process management system is written by the existing standards, along with the standard of change, the software approach and ways of solving it.

Article 12. Conclusions

The present political model is elaborated and approved by the Senate;

Amendments and additions to the present Policy shall be implemented in accordance with the legislation.

Chairman of the Meeting:

Salome first

Secretary of the session:

Maia Adavadze