麻豆视频

YVC is committed to ensuring the protection, proper management, and secure use of IT resources. This procedure outlines the guidelines and responsibilities required to maintain the security and functionality of YVC鈥檚 IT assets. All members of the YVC community are responsible for following the practices outlined herein.

1. Alignment with State Standards.YVC will adhere to WaTech IT Security Policies and Standards and TSB requirements to protect sensitive data and transactions within YVC and the SBCTC system.
2. Compliance and IT Security Audit.YVC will document all processes in a comprehensive IT Security Audit, following WaTech's IT Security Audit Process. Compliance audits may be conducted internally or by independent auditors, such as the State Auditor, to ensure adherence to WaTech鈥檚 IT Security Audit and Accountability policy.
3. Audit Results and Corrective Actions.Audit results will be reviewed internally and assessed by appropriate parties. Sensitive audit findings may be exempt from public disclosure per and
4. Employee Awareness and Training.YVC will provide IT Security training for new employees and ongoing awareness training to protect technology resources.
5. Annual Review and Updates.YVC will annually review and update security processes, policies, and practices to ensure they remain effective and current, especially after significant changes to business or technological environments.
6. Confidentiality of Security Procedures.YVC will safeguard the confidentiality of IT security procedures, standards, and practices, handling distribution with consideration of risks and statutory exemptions from public disclosure (, ). It is the intent of YVC to take precautions to prevent the release of sensitive security-related information that could compromise the security of its IT environment, employees, or business operations.

1. Maintaining an IT Security Audit. Technology Services maintains IT Security Audits on behalf of the college, which includes comprehensive documentation of all IT security processes as required by Washington State WaTech Policies.
2. Providing Secure IT Solutions. Technology Services is responsible for providing YVC with secure business applications, services, infrastructure, and procedures that address the college's business needs while ensuring compliance with IT security policies and best practices.
3. Enforcing Internal Security Standards. Technology Services follows and enforces internal security standards established for creating and maintaining secure access sessions to college applications and IT systems.
4. Reporting Security Breaches. Technology Services may notify appropriate administrator(s) when an individual or individuals have knowingly compromised IT security on campus. Technology Services is not responsible for determining disciplinary action for violations of IT security policies, procedures, or standards. Disciplinary measures may be handled by the appropriate campus office, administrator, or local law enforcement, depending on the scope and nature of the violation.

The use of YVC technology resources is strictly intended for use by YVC authorized users. This prohibits others, such as family members and friends, from using YVC-controlled technology resources for any purpose.

Additionally, the state specifically prohibits certain use, including:

The use of YVC technology resources is strictly intended for use by YVC authorized users. This prohibits others, such as family members and friends, from using YVC-controlled technology resources for any purpose. Additionally, the state specifically prohibits certain use, including:

• Supporting, promoting, or soliciting for an outside organization, group, or business, unless authorized.
• Promoting personal business interests or conducting private employment.
• Political campaigning or lobbying, except under specific conditions.
  • College facilities may be used for political campaigning if rental costs are paid. Soliciting contributions on college property for political purposes is prohibited.
• Personal political advocacy or promotion of personal religious organizations.
• Commercial uses, such as advertising or selling.
• Personal use of YVC email distribution lists.
• Any illegal or unethical activity.
• Infringement of copyrights.
• Any form of harassment, including sexual harassment.
• Discrimination based on race, creed, color, marital status, religion, sex, national origin, age, veteran鈥檚 status, sexual orientation, or disability.
• Accessing, downloading, or disseminating inappropriate workplace materials, such as pornography or racist content.
  • This restriction does not apply if used for specific academic purposes.
• Downloading software or files via the Internet for personal use.
• Activities using excessive network bandwidth, such as downloading music.
  • This prohibition does not apply to students when directed by a faculty member for educational purposes.

Confidentiality, Retention and Access to Public Records

YVC employees should be aware that electronic communications (email, messaging, files, fax, voicemail) and YVC and third-party software and applications create reproducible electronic records, which are not private. These records are considered writings and may be public records subject to disclosure under Washington鈥檚 Public Disclosure Act ; or for audit and legitimate YVC operational purposes.

All electronic records are maintained according to state-approved retention schedules ( YVC Administrative Procedures 1.34 and 6.05). Public records are released upon request, as mandated by the Public Disclosure Law, which emphasizes full access to government information.

Any activity conducted by YVC employees using state resources is considered a public record and subject to disclosure, whether for official duties or other purposes. While exceptions exist, state law favors broad disclosure of public documents. Questions about public records or employee privacy should be referred to the College鈥檚 Public Records Officer (YVC Administrative Procedure 2.08).

Student education records are confidential and can only be released in accordance with the and the College鈥檚 administrative rules. Questions about student records should be directed to Student Services.

Policy Update Procedure

Procedure updates and policy changes related to Tech Services should be reviewed by both the Director of Human Resources and the Public Records Officer to ensure compliance with applicable laws, internal collective bargaining agreements, and regulations. This collaborative review ensures that all changes align with legal requirements and best practices.

Sanctions

Violation of any provisions of this procedure will be addressed in accordance with the college's policies, procedures, and standards. Disciplinary actions may include:

• Disciplinary Action: Any disciplinary action will be taken in accordance with Human Resources procedures and/or applicable collective bargaining agreements.
• Dismissal from the College: Violations may result in dismissal from the college.
• Referral to the Washington State Ethics Board: Serious violations may be referred to the Washington State Ethics Board.
• Legal Action: Legal action may be pursued where applicable.

Additionally, some violations of this procedure may constitute state, local, or federal criminal offenses and will be reported to the appropriate authorities.

• Ethics in Public Service
• Public Disclosure Act
• Public Records Act RCW 
• Preservation and Destruction of Public Records
•  
• Use of State Resources
•  
• YVC Equipment Use Procedure - Equipment Use 
• YVC Administrative Procedures - Records Management 
• YVC Administrative Procedures - Messaging Usage 
• YVC Administrative Procedures - Public Records 

Use of the YVC technology resources, network, and data management systems shall be for the purpose of facilitating the exchange and storage of information, including information on students and/or employees, and compliance with and< furtherance< ofeducation, and< administrative missions of the college. The use of YVC technology resources/network will be consistent with the purposes and< objectivesof YVC andthe State Board for Community and Technical Colleges (SBCTC).

The goals of the Acceptable Use of YVC Computers/Network Procedure are to:

1. Help assure the integrity and reliability of the YVC internal networks, hosts on those networks and any computing resource connected to them.
2. Ensure the security and privacy of the YVC computer systems, networks and data. YVC Admin Procedure 1.34
3. Ensure the protection and retention of sensitive college data.
4. Establish appropriate guidelines for the use of YVC-owned technology, network, and YVC owned data whether accessed on and off- campus.

It is not the intent of this procedure to limit academic freedom, but to provide an appropriate framework for the proper exercise of those freedoms. Furthermore, it is not the intent of this procedure to impinge on the intellectual property rights of authorized users.

YVC employees, students and non-employees who are authorized to use YVC network and resources may:

1. Use YVC owned computers, programs and data to which each individual has authorized access.
2. Use computing and networking facilities and resources in a manner that is consistent with the mission and educational purpose of YVC.
3. Use YVC provided networking, including access to the internet.

Requests for third-party access to stored electronic messages will be handled  through the college鈥檚 public record officer (see the procedure YVC Administrative Procedure 2.08 Public Records Request). YVC may be required to provide third parties with access to honor valid legal discoveries and public records requests.

Prohibitions

The use of YVC technology resources that violate  YVC Board Policy 1.05 Standards of Ethical Conduct or any other YVC policy, procedure, or standard, as well as state and federal rule, is strictly prohibited.

Specifically, the following actions are prohibited:

1. Compromising Security: Attempting to breach, or assisting others in breaching, the security of any YVC network or technology resource, or facilitating unauthorized access.
2. Malicious Software: Using YVC technology resources to create, distribute, or execute self-replicating or destructive programs (e.g., viruses, worms, Trojan horses, malware, ransomware).
3. Impersonation and Deception: Engaging in activities that involve disclosing, impersonating, or masquerading (e.g., spoofing, pretending to be someone else).
4. Unauthorized Access or Modification: Viewing, copying, altering, or destroying data, software, documentation, or communications belonging to YVC or another individual without proper authorization. YVC Admin Procedure 1.34
5. Account Sharing: Allowing anyone, whether authorized or not, to use your login credentials or password to access YVC technology resources.

These procedures apply to all YVC employees, students and non-employees who may be authorized to use the YVC computing resources.

Under certain circumstances YVC employees may be authorized to take YVC-owned computing systems home for use in fulfilling their official duties.
1. TS technical support staff will perform the initial installation and software configuration.
2. All provisions for the use of state-owned equipment identified in the YVC Administrative Procedure 6.02 Acceptable Use of Technology Resources will apply.
3. All provisions of this procedure will apply.

Materials stored on the YVC network or on YVC computers are the property of the College and may be inspected at any time. Users are also reminded that these materials constitute a public record, which can be examined by members of the public if an appropriate request is received. Details regarding requests for stored data can be found in YVC Procedure 2.08.

Given sufficient cause, the Director of Human Resources, or his/her authorized designee, has the right to obtain access to materials stored on the YVC network which are under the control of YVC employees in their administrative units or work areas when such access is necessary to conduct YVC business. The Director, or his/her designee, will identify the specific materials required and the employee will be given sufficient opportunity to provide YVC with the requested materials. In the case of an emergency, best efforts will be made to contact the employee prior to accessing the specific materials required.

Any individual鈥檚 network use privileges may be suspended immediately upon the discovery of a possible violation of this procedure. Such suspected violations will be confidentially reported to the appropriate supervisors and/or administrators.

• YVC Administrative Procedure 1.34 Records Management Program
• YVC Administrative Procedure 2.08 Public Record Requests
• YVC Administrative Procedure 6.02 Acceptable Use of Technology Resource
•  
•  

Through the annual budget planning process, technological needs are identified and documented based on assessments, including feedback from Deans, end-of-life support dates, inventory reviews, and security requirements. Proposed new technologies are then evaluated by Technology Services staff to ensure they meet security, accessibility, and integration standards. Following this evaluation, proposals are reviewed by the appropriate administration for budget consideration and final approval.

Staff and faculty will typically be issued technology tools required for their specific job duties, including college computers when applicable, which will be assigned and distributed by Technology Services (TS). 

Equipment is typically provided through centralized technology funds, departmental budgets and/or grant funding. If extra technology beyond the campus standard is needed for varying computer needs, departments can present their case. 麻豆视频 (YVC) Technology Services reviews requests individually, considering the equipment's age, life cycle, and current inventory to accommodate necessary technology.

To ensure a consistent and efficient work environment, the following standards have been established for computer and monitor/display provisions. Each employee whose position requires one computer will typically receive either a laptop typically accompanied by a docking station, or one desktop computer. Additionally, each employee will be supplied with one monitor, with size determined based on availability and job requirements (commonly 24 or 27-inch).  On occasion, a larger monitor is requested. While requests for additional monitors can be made, approval is not guaranteed and will be considered based on funding, specific job requirements, and accommodation. 

These standards aim to balance resource allocation with the diverse needs of our staff.  Requests for an additional or alternative device can be requested using the Additional Technology Device 鈥� Request.

The college draws from as a guiding framework, particularly in establishing its useful life schedule. Useful Life refers to the duration during which equipment can be utilized in the most technically efficient manner by the Technology Services organization, and is subject to change, as shown below.

This procedure provides guidance regarding record status, retention, and management of electronic mail (email) messages. Organizing and managing email (and other electronic files) will save space, provide more efficient access, maintain confidentiality where needed, and reduce legal exposure in "discovery" proceedings.

Email is just another public record. Formally, it is a document created or received on an electronic mail system, which includes brief notes, more formal or substantive documents, and any attachments that may be transmitted with the message. Messages and attachments should be filed and retained according to the legal retention required for the informational content of each (see Retention below). To assure appropriate retention of public records generated or received through an email system.  Electronic records must be retained in electronic format and remain usable, searchable, retrievable and authentic for the length of the designated retention period. Printing and retaining a hard copy is not a substitute for the electronic version unless approved by the applicable records committee. An agency is responsible for a security backup of active records. A security backup must be compatible with the current system configuration in use by the agency. 

Confidential and sensitive information should not be sent via electronic messaging. The privacy and integrity of an email message cannot be guaranteed. Also, once created, there is no guarantee that attempts to erase or delete email will be effective. For more information on email encryption please contact Tech Services Help Desk.

All messages originated or transported within or received in the email system are considered the property of the agency. If requested by a member of the public, email will possibly be released. For further information, see the Public Records Act (), and the Ethics Board WAC (), (See also YVC Administrative Policy and Procedures 2.08 Public Record Requests and Board Policy 1.05 Standards of Ethical Conduct).Electronic copies (such as flash/USB drives) of deleted documents are also subject to the Public Records Act.

Email messages are subject to the guidelines in and YVC Administrative Procedure 1.34 Records Management Program regulating the preservation and destruction of public records and as such are managed through records retention schedules.

1. One of the greatest challenges of managing e-mail effectively is to ensure that all records, which originate or are transmitted through the system, are identified, retained, and managed properly. Records should be readily available and accessible to all authorized users when they need them and in a useable format. This means that the identity, purpose, and location of records are predictable, consistent, and reliable; methods for access and retrieval are simple and well defined; and records management practices are incorporated into day-to-day business activities.
2. Records that must be retained should be segregated from transitory records that do not document YVC business, extra copies of documents, and drafts that do not reflect substantive changes. Because e-mail is easy to use for both formal and informational communications, the proliferation of informal and transitory messages that do not provide evidence of official policies and transactions is a common problem in e-mail systems. Messages with no retention value do not warrant the same degree of control, security, or protection, and they accumulate rapidly in e-mail systems.
3. The content and not the medium determine the treatment of the message. E-mail records, like other YVC records, must be classified within the appropriate record retention schedule. For instance, all e-mail may be considered correspondence, but may include attachments such as reports, contracts, accounting records and so on. Please contact the and/or the college鈥檚 Records Officer to determine the retention period for your documents.

All users of the YVC network have a responsibility to comply with this procedure and to understand their responsibilities and all expectations as spelled out in the YVC Administrative Procedures 6.02 YVC Acceptable Use of Technology Resources and the YVC IT Security Standard 6.29 E-mail Accounts. This includes the requirement for confidentiality, retention and access to public records detailed there.

Violation of any of the provisions of this procedure will be dealt with in the same manner as violations of other college policies, procedures or standards, and may result in disciplinary review. In such a review, the full range of disciplinary sanctions is available, including but not limited to: 1. Disciplinary action 鈥� Any disciplinary action will be taken in accordance with appropriate Human Resources procedures; and/or applicable collective bargaining agreements 2. Dismissal from the college; and/or 3. Referral to the Washington State Ethics Board; and/or 4. Legal action. Some violations of this procedure may also constitute a state, local or federal criminal offense.  (See)

This procedure is governed by , which defines the powers and duties of the State of Washington Information Services Board (ISB), including the authority to establish statewide policies, standards, and procedures for information services.

This procedure is intended to be in compliance with current ISB policy, . (the Copyright Act), and related laws, as well as the YVC Board Policy 3.01 Copyright. This procedure is intended to complement, not replace, those provisions. 

It also aligns with YVC procedures 6.01 Information Technology Security, 6.02 Acceptable Use of Technology Resources, 6.03 Acceptable Use of YVC, and 6.04 Acceptable Use of the YVC Network and Data Management Systems and additional policies, procedures and standards may also apply.

YVC is committed to responsible and lawful use of software. Appropriate licensing or written permission from software copyright holders should be obtained before using, installing, or copying software. This is typically accomplished through formal licensing agreements, or official documentation from the copyright owner outlining usage terms. While some software may not require separate written permission, usage rights are typically defined by a license agreement (EULA) or terms of service, which must be followed. For questions about specific software licenses, please contact the YVC Help Desk.

Copying, reproducing, transmitting, or installing software on YVC computing equipment is prohibited unless explicitly permitted by the applicable software license or authorized by this procedure. Software may not be installed or used on YVC systems without verifiable proof of legitimate ownership or licensing. The use of unlawfully obtained software on any YVC computing equipment is strictly prohibited.

麻豆视频 (YVC) retains sole ownership of all software acquired with state funds or grants for which YVC serves as the fiscal agent. Additionally, YVC holds ownership of all data and software developed or modified by employees in the course of their assigned job responsibilities. Software or applications created independently by employees on personally owned devices for non-college use are not governed by this procedure. Any exceptions must be pre-approved through a formal agreement negotiated with the Vice President for Instructional Services prior to the initiation of development activities.

No college facilities, including computer labs, computer classrooms and electronic classrooms, may be used by individuals or groups from outside the college unless the facilities have been reserved. The Office of Facilities Use Coordinator is authorized to schedule facilities, and consummate rental and use agreements.

A YVC lab technician must be present during the scheduled time of use, to provide technical support.

The costs associated with this type of direct support for renters are defined in accordance with the YVC Facilities Use: Fee Schedule Policy. (Board Policy 3.02 Facilities Use, Appendix 3 鈥� Fee Schedule)

Renters are granted policy security privileges, or access, to the computing equipment in YVC computer labs sufficient to accomplish their educational goals. The business impact of the request will be evaluated and balanced against the potential risk and threat to the YVC Network, using the YVC IT Security Standard 6.54 Security Privileges as a guideline.

All general lab rules spelled out in the 6.07 YVC Computer Labs Procedure apply to the use of rented computing facilities. The primary contact representing the renter will be given a copy of those rules upon signing the contract and will be held responsible for ensuring that the rules are observed.

In addition, there may be signs, posters, and/or announcements posted, either in print or electronically, at any YVC computing facility providing information deemed appropriate by the Director of Technology Services related to the use of that facility. Renters are expected to comply with all postings in all rented facilities.

The following rules are reiterated here to clarify any exceptions which apply to rented facilities.

The Campus Security Office and Technology Services work together to enforce YVC policies for facility rentals. They make sure renters follow all rules and requirements, coordinating with other departments as needed.

Priorities for facilities scheduling will be in accordance with the YVC Policy on Facilities Use: Scheduling.

Renter login accounts for YVC's labs and classrooms are created shortly before use and disabled immediately afterward. The renter's contact person will receive account details at the start of the event. These accounts have limited access and cannot interact with administrative networks or computers, with security measures ensuring this separation. 

• Illegal copying of software is prohibited and grounds for event termination.
• Tampering with files or engaging in malicious mischief with hardware or software can lead to event termination and/or criminal prosecution.
• Renters must not attempt to install software on lab systems.

All terms defined in the 6.02 Acceptable Use of Technology Resources Procedure are applicable in this procedure. In addition, the following are defined:

YVC Procedures

• YVC Board Policy 3.02 Facilities Use
• YVC Board Policy 6.00 IT Security
• YVC Administrative Procedure 6.01 Information Technology
• YVC Administrative Procedure 6.02 Acceptable Use of Technology Resources
• YVC Administrative Procedure 6.03 Acceptable Use of YVC Computers
• YVC Administrative Procedure 6.04 Acceptable Use of YVC Network and Data Management Systems
• YVC Administrative Procedure 6.05 Electronic Messaging and Retention
• YVC Administrative Procedure 6.06 Software Licensing Compliance
• YVC Administrative Procedure 6.07 Computer Labs
• YVC Administrative Procedure 6.08 Computer Facilities Rentals

麻豆视频 (YVC) maintains computerized systems that process and store personal information, including data subject to federal and state privacy laws. In the event of a security breach involving unencrypted personal information, YVC is required to notify affected individuals when there is reasonable belief that an unauthorized party has acquired or accessed such information.

Notification Requirements

• Timeliness of Notification
  YVC will issue a breach notification as quickly as possible, without unreasonable delay, following the discovery or confirmation of a breach. Notification must be consistent with:
  • The legitimate needs of law enforcement (if an investigation could be impeded, notification may be temporarily delayed at the request of a law enforcement agency); and
  • Measures necessary to assess the scope of the breach and to restore the integrity of the affected system(s).
    
    
• Good Faith Access Exception
  Access to personal information by a YVC employee or official with a legitimate educational or business purpose does not constitute a breach, provided the data is not misused or subject to unauthorized redisclosure.
  
  
• Technical Breach Exception
  YVC is not obligated to issue a breach notification if the security incident:
  • Involves encrypted data and the encryption key was not compromised.
  • Does not reasonably appear to pose a risk of identity theft, fraud, or other criminal misuse of the information.

YVC will follow notification protocols as required under RCW 42.56.590, including the content and format of the notice, and methods of delivery (e.g., email, postal mail, website posting, or notification to major media, depending on the scope of the breach).

All 麻豆视频 (YVC) employees and designated school officials are responsible for understanding and complying with this procedure. Certain administrative units carry additional responsibilities for the ongoing maintenance, enforcement, and communication of this policy.

• Individual Responsibilities
  All YVC school officials and employees must:
  • Promptly report any suspected or confirmed data breaches or security incidents in accordance with this procedure.
  • Participate in relevant training or awareness efforts regarding breach response protocols.
  • Comply with all provisions of state and federal law, YVC policies, and this procedure when handling personal or sensitive data.
• Policy Maintenance and Oversight
  • Technology Services (TS)
    • The Director of Technology Services in collaboration with the TS Information Security Officer (ISO), or their designees, holds primary responsibility for maintaining and administering this procedure.
    • TS is responsible for:
      • Drafting and updating the procedure in consultation with the Administrative Council.
      • Conducting a formal review process, including appropriate campus stakeholder input.
      • Submitting final updates to the college president for approval.
      • Publishing the approved procedure and communicating changes across campus, including an overview of the implications for employees and other affected parties.
• Human Resources (HR)
  • The Chief Human Resources Officer is responsible for:
    • Reviewing proposed updates or changes to this procedure to ensure alignment with institutional HR policies and employee responsibilities.
    • Providing input regarding the implications of the policy for college personnel.
    • Coordinating response protocols involving employee conduct or performance, as applicable.

麻豆视频 provides information technology systems and services to support its educational, administrative, and operational functions. While the College takes reasonable measures to secure its systems and protect data, it makes no warranties, express or implied, regarding the availability, performance, or security of its computing systems, electronic communications, or network resources.

To the extent permitted by law, 麻豆视频 shall not be liable for any direct, indirect, incidental, or consequential damages resulting from the use, misuse, or inability to use college-operated or college-contracted information technology resources, including those arising from security incidents, breaches, or data loss.

• Initial Discovery and Reporting
  Any individual who discovers or is informed of a potential incident/breach involving YVC technology systems that may result in the unauthorized acquisition of computerized personal information must immediately notify the YVC Help Desk.
  Upon receipt of the report, the Help Desk will promptly escalate the incident to the IT Security Administrator or their designee for evaluation.
  
  
• Investigation and Assessment
  The TS ISO or designee is responsible for:
  • Initiating a breach investigation with technical representatives from Technology Services (TS).
  • Assessing the nature and scope of the potential breach.
  • Notifying the Director of Technology Services or designee of the incident and preliminary findings.

If the breach involves the physical loss or theft of a device or storage medium containing personal data, the Campus Security Office will also be notified.
All investigations will follow the protocols outlined in YVC IT Security Standard 6.37: Intrusion Detection and Incident Response.

• Coordination and Law Enforcement Notification
  

  The Director of Technology Services, or designee, in consultation with the IT Security Administrator, will:

  • Determine whether the incident requires notification to law enforcement.
  • Coordinate with Campus Security.
  • Designate the IT Security Administrator or designee as the primary liaison with any law enforcement agencies involved.
    
    
• Breach Report and Documentation
  The TS ISO or designee will submit a formal report to the Director of Technology Services within seven (7) calendar days of the discovery of the breach. The report will detail:
  
  • The nature of the incident
  • The scope and types of personal information involved
  • Systems or devices affected
  • Actions taken to mitigate the breach
    
    
• Disclosure Determination and Notification
  

  If it is determined that unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person, the Director of Technology Services will consult with:

  • The Chief Human Resources Officer
  • The Vice President of Instruction, Vice President of Student Services
  • The President of the College

Together, they will determine:

• • Whether notification to affected individuals is warranted
  • The appropriate method and content of notification, as required by RCW 42.56.590.

• Notification Methods
  If disclosure is required, notification to affected individuals will occur without unreasonable delay, consistent with any law enforcement needs and investigative efforts. Notification may be made through one or more of the following methods:
  
  • Written Notice
    Delivered via U.S. mail to the last known address of the affected individual.
  • Electronic Notice
    If consistent with the provisions regarding electronic records and signatures under the Electronic Signatures in Global and National Commerce Act (15 U.S.C. 搂 7001).
  • Substitute Notice
    May be used only if:
    • The cost of providing direct notice exceeds $250,000, or
    • YVC lacks sufficient contact information to provide direct notice.

Substitute notice must include all of the following:

• • Email notice (if available)
  • Conspicuous posting of the notice on the YVC website
  • Notification to major statewide media outlets

•  YVC IT Security Standard 6.37 鈥� Intrusion Detection and Incident Response
  Provides technical guidance for identifying, responding to, and reporting security incidents that may impact the confidentiality, integrity, or availability of YVC鈥檚 information systems.
• Family Educational Rights and Privacy Act (FERPA):
  Federal law that protects the privacy of student education records and governs the conditions under which information can be disclosed.
• 15 U.S.C. 搂 7001 鈥� U.S. Code General Rule of Validity (Electronic Signatures in Global and National Commerce Act)
  Establishes the legal validity of electronic records and signatures, applicable to electronic notification methods.
• RCW 42.56.590 鈥� Personal Information:
  Washington State statute requiring notification when certain types of unencrypted personal information are reasonably believed to have been acquired by an unauthorized person.

Certain exceptions to this procedure may be necessary based on specific technical constraints, platform limitations, or business requirements. All exceptions granted must be formally documented and submitted to the YVC IT Security Administrator, who will retain a record of the exemption.

Each exemption request must include:

• A detailed description of the exception.
• A justification explaining why the exception is necessary, such as platform limitations or essential business needs.
• A description of compensating controls implemented to mitigate any risk associated with the exception.
• A risk assessment conducted by the YVC IT Security Administrator and/or the Director of Technology Services.

麻豆视频 (YVC) partners with the Center for Internet Security (CIS) in the development and maintenance of a significant portion of the college鈥檚 administrative application systems. This collaboration also supports various aspects of data management across the institution.

Additionally, YVC regularly transmits institutional data to third-party vendors, government agencies, and other business partners. Given the sensitivity of certain datasets, proper handling and secure transmission of this information is critical.

The most significant risks associated with these data flows include:

• Malicious and/or unauthorized disclosure of information
• Malicious and/or unauthorized modification or deletion of information
  The primary concern related to these administrative systems is unauthorized access鈥攚hether through data disclosure or manipulation鈥攚hich could result in fraud, data breaches, or violations of institutional policy and regulatory requirements.

General
When transferring production data to a business partner that is not a member of the Washington State Board for Community and Technical Colleges (SBCTC), Yakima Valley College (YVC) must ensure the confidentiality, integrity, and security of the data throughout the transfer process.

All data transmitted over public or untrusted networks must be encrypted in transit using strong, industry-standard encryption protocols. These protocols must align with the current Washington State Office of Cybersecurity (OCS) policies and applicable federal standards, such as NIST Special Publication 800-52 and FIPS 140-3.

For any external data sharing arrangement, whether governed by a contract, service-level agreement (SLA), or a standalone data sharing agreement, a formal Data Sharing Agreement must be executed. See Appendix A for the required Data Sharing Agreement template. 

This agreement must explicitly address the following elements:

1. Type of Data to be Shared 鈥� Including a description of the data and its source.
2. Data Classification Level 鈥� As defined by YVC鈥檚 data classification policy (e.g., Public, Confidential, or Restricted).
3. Method of Access or Transmission 鈥� Including technical details of the transfer method (e.g., SFTP, VPN, encrypted email).
4. Authorized Personnel or Roles 鈥� Identifying individuals or job functions permitted to access the data.
5. Security Measures 鈥� Detailing how the data will be protected in transit and at rest.
6. Data Disposition Plan 鈥� Describing how the data will be securely deleted or returned to YVC once it is no longer required for the contract鈥檚 purpose.

Data requests will be classified as one of two types: Internal or External.

• Internal requests (YVC), require a Data Sharing Request form only and will adhere to all applicable standards.
• External requests (non-YVC entity), require both a YVC Data Sharing Request form and YVC Data Sharing Agreement to be completed and will adhere to all applicable standards. 

Whether for internal or external use, all data transfers must comply fully with the following secure handling practices:

• Access Control:
  Protected data must not be stored on any shared drive or server space accessible to users who are not authorized to access the information.
• Data Deletion:
  Protected data must be deleted from any local workstation drive as soon as practical after its immediate use is complete.
• Data Encryption at Rest:
  • When not in immediate use, any protected data copied from its original secure location and stored on any form of storage media (including workstation drives) must be encrypted using a strong, industry-standard encryption algorithm in accordance with YVC IT Security Standard 6.71 鈥� Encryption.
  • Encryption is mandatory for protected data stored on portable storage devices, including but not limited to:
    • Laptops and tablets
    • USB flash drives
    • External hard drives
    • DVD/CD-ROMs
    • SD cards and other removable media
      
      
  • Additional guidelines are provided in YVC IT Security Standard 6.52 鈥� Portable Storage Devices.
    
    
• Data Encryption in Transit:
  Encryption is required for all protected data transmitted across public or untrusted networks. The specific method depends on the type of transfer:
  
  • If encryption is required during interactive sessions (e.g., remote access), the guidelines in this procedure must be followed.
  • If state or federal regulations mandate encryption of other YVC data鈥攅ven if not labeled 鈥減rotected鈥� by policy鈥攖hose requirements must also be followed.
  • Both endpoints in any electronic transmission must be verified as secure. If assurance cannot be obtained, a physical transfer method (e.g., encrypted USB) is preferred.
  • All electronic transfers of protected data must include confirmation of receipt by the intended recipient:
    • If the method of transfer (e.g., secure file transfer) includes automatic confirmation, this is sufficient.
    • If no built-in confirmation exists, a separate confirmation must be obtained (e.g., via email or phone).

Email is one of the most common methods of modern data transmission. Yakima Valley College (YVC) has implemented a secure email system that enables communication with external entities while supporting confidentiality and data integrity requirements. When transmitting any data via email, the following standards apply:

• Use of Authorized Email Accounts
  • All email transmissions of protected data must originate from YVC-provided campus email accounts.
  • Personal email accounts (e.g., Gmail, Yahoo, Outlook.com) and email systems not hosted or managed by YVC must not be used to transmit protected information under any circumstances.
• Encryption Requirements
  • Protected data must be encrypted prior to transmission via email.
    This includes both the email body and any attachments containing protected data.
  • Only encryption tools and protocols authorized by:
    • YVC IT Security Standard 6.71 鈥� Encryption, or
    • Approved directly by the YVC IT Security Administrator may be used for email encryption.
      
      
• Recipient Access Control
  • Encryption mechanisms must be configured such that only the intended recipient can decrypt and view the email content.
  • The encryption method must prevent unauthorized third parties from accessing the data in its original, unencrypted form.
• Email Archiving and Access
  • Email messages (whether encrypted or not) must be retained in accordance with YVC Administrative Procedure 6.05 鈥� Electronic Messaging and Retention.
  • YVC email systems will be configured to allow IT support personnel to decrypt YVC-generated email messages if required for administrative, security, or legal purposes.
    • Decryption by someone other than the original sender may only occur with prior authorization from the Director of Technology Services or a designated authority.

For data submitted via secure web portals鈥攕uch as those operated by the Social Security Administration (SSA), Internal Revenue Service (IRS), or U.S. Citizenship and Immigration Services (USCIS)鈥擸VC requires the following controls:

• Encrypted Transit
  •  All data submitted via web portals must be transmitted using strong, industry-standard encryption protocols, such as TLS 1.3 or higher, to safeguard data integrity during transfer.
• Secure Workstation Handling
  • Web uploads must be performed exclusively from authorized, security-hardened workstations.
  • Any files downloaded for transfer are considered sensitive and must be handled in compliance with YVC鈥檚 endpoint security policies, which ensure that the data is not exposed to unauthorized access.
    
    
• No Shared Storage
  • Local copies of transferred data must never be stored on shared drives.
  • Files should be securely deleted from the workstation immediately after the transfer is complete, ensuring no residual data is left on unsecured storage locations.
    
    
• Audit Logging
  • Each transfer must be logged to maintain an accurate record of data handling, which includes:
    
    • The user鈥檚 identity performing the transfer
    • Date and time of the transfer
    • Destination system where the data was transferred
    • File details including file names, sizes, and types.
  • These logs must be stored according to YVC鈥檚 data governance and audit requirements to ensure transparency and accountability.

麻豆视频 (YVC) supports secure, automated file exchanges with external partners using the following protocols. All transfers must adhere to these requirements:

• Protocol Usage:
  • SFTP (SSH File Transfer Protocol) is the preferred method for all bulk or scripted transfers.
  • FTPS (FTP over TLS) is permitted only when SFTP is unavailable and explicitly required by the partner.
• Network Controls:
  • Firewall rules must restrict access to the minimum set of authorized IP addresses and ports necessary for the transfer.
• Authentication & Credentials:
  • Credentials and keys must be managed in accordance with YVC IT Security Standard 6.49 鈥� Password Management.
  • Public key (RSA or ED25519) authentication is strongly encouraged for SFTP. Any use of unprotected private keys (e.g., without a passphrase) must be documented as an exception through the Exemptions process.
• Encryption & Integrity:
  • All data in transit must be encrypted using strong algorithms
  • For highly sensitive datasets, file level encryption and digital signing with PGP/OpenPGP/GNU GPG may be employed as an additional layer of protection.
• Logging & Audit:
  • Every transfer must be logged, capturing user identity, date/time, protocol, source and destination endpoints, and file details.
  • Logs must be retained and periodically reviewed according to YVC鈥檚 data governance and audit policies.
• Exceptions:
  • Any deviation from these requirements must be processed through the formal Exemptions procedure, including a documented risk assessment and compensating controls.

The Director of Technology Services (or their designee) may approve alternative, industry standard methods for secure data transfer, provided they meet YVC鈥檚 requirements for encryption, authentication, integrity, and audit logging. These methods may include, but are not limited to:

• Secure Web/Application Protocols (e.g., HTTPS)
• Secure multipurpose mail extensions (e.g., S/MIME or PGP/OpenPGP)
• Virtual Private Networks (VPNs using certificate based or multi factor authentication)
• Other approved technologies that align with YVC鈥檚 security standards
  All authorized methods must be documented, and any deviations or special approvals processed through the Exemptions procedure.

Data may be transferred to business partners via physical media only when no secure electronic transfer option is available. All physical media (e.g., USB drives, DVDs) and containers must be clearly labeled to indicate they are property of YVC and contain confidential information. If printed reports are included, they must:

• Have a cover sheet labeling the contents as confidential and YVC-owned.
• Preferably include confidentiality markings (e.g., header, footer, or watermark) on each page.
  Instructions for secure handling and disposal of media must accompany the delivery鈥攅ither on the media itself or via a cover letter鈥攁nd must comply with YVC IT Security Standard 6.44: Media Disposal.

Violation of this procedure or any YVC IT security standards will be addressed promptly. Users who misuse or abuse computing or network resources may face disciplinary action, which may include temporary or permanent suspension of access, account deactivation, and/or other administrative measures. Serious or repeated violations may result in additional consequences in accordance with college policies, employment agreements, or applicable laws and regulations. Some violations of this procedure may also constitute a state, local, or federal criminal offense.

• YVC Administrative Procedure 6.03 Acceptable Use of YVC Computers
• YVC Administrative Procedure 6.04 Acceptable Use of YVC Network and Data Management Systems
• YVC Administrative Procedure 6.05 Electronic Messaging and Retention YVC IT Security Standard 6.28 Electronic Mail Configuration
• YVC IT Security Standard 6.44 Media Disposal
• YVC IT Security Standard 6.49 Password Management
• YVC IT Security Standard 6.52 Portable Data Storage Devices YVC IT Security Standard 6.70 Data and Information Security YVC IT Security Standard 6.71 Encryption

 References:

• Appendix A: Data Sharing Agreement Form
• Appendix B: Data Disposal Form
• Appendix C: Use & Disclosure of Confidential
• Appendix D: Data Sharing Cover Sheet

麻豆视频 will assume the cost of copiers and their associated maintenance agreements for standard institutional use. However, exceptions apply under certain conditions as outlined below.

The following categories of copier usage are excluded from centrally funded support. In such cases, costs鈥攊ncluding equipment acquisition and ongoing maintenance, will be the responsibility of the requesting department, program, or external entity:

• Supplementary Copiers
  • If a department or program requests an additional copier beyond what has been provided by Technology Services, the department shall:
    • Obtain approval from their supervisor, dean/director, and corresponding vice president.
    • Submit the request to Technology Services for review. The requesting department or program should be responsible for the cost of the copier and its maintenance agreement. Monthly billing will be charged accordingly.
• Self-Supported or Specially Funded Copiers
  • Copiers that are self-funded or associated with specific funding sources are not covered by general college funds. These include, but are not limited to:
    • Coin-operated copiers
    • Copiers purchased with program-specific or grant funds
    • Copiers used by the Associated Students of 麻豆视频 (ASYVC)
    • Copiers located in instructional areas for student use
    • Copiers used in tutoring centers
    • Copiers used by the YVC Foundation
      (Note: Technology Services will bill the Foundation directly for monthly usage.)

For all applicable exceptions, billing will be forwarded to the designated program, department, or account holder for payment.

Technology Services:
Technology Services is responsible for the overall management, coordination, and support of copiers across all 麻豆视频 campuses and learning centers.  Specific responsibilities include:

• Evaluating copier needs across the college by gathering input from users.
• Maintaining an up-to-date inventory of copier needs and placements.
• Procuring college copiers, including negotiating maintenance agreements.
• Collecting monthly meter readings and submitting them to the appropriate vendors for billing.
• Processing and forwarding internal billing to the relevant departments and programs.
• Preparing copiers before deployment.
• Networking and configuring devices to ensure access for authorized YVC employees.
• Issuing user codes, when feasible, for devices with audit locking features.

Users:
Contacting the designated copier contact when the device indicates a need for toner replacement or requires service.

Designated copier contact:

• Calling the vendor support number posted on the device when toner replacement is needed.
• Contacting vendor support for any copier malfunctions or operational issues.
• Submitting a ticket (Technology Services work order) for all vendor service calls. The ticket must include the copier鈥檚 Service ID and location for tracking and accountability.

College-produced and maintained or distributed conventional electronic documents should be accessible. Conventional electronic documents include word processing documents, Portable Document Formats (PDF), presentations, and spreadsheet files that are scanned, uploaded, posted, or otherwise published or distributed electronically. Electronic interaction with college policies, procedures, notifications, and other conventional electronic documents should be as effective and usable for people with disabilities as it is for people without disabilities. Conventional electronic documents should follow and use standards and guidelines outlined in the , as a guiding framework, published by the World Wide Web Consortium (W3C).

Responsibility

Accessibility Coordinator & Campus Accessibility Work Group:

• Should work with all departments and programs to ensure conventional electronic documents, including PDF, Word, Excel, and PowerPoint files, are accessible.
• Should compile and maintain data to track compliance with these procedures and make recommendations for addressing any challenges.
• Should collaborate with Technology Services, DSS, Library, and eLearning to coordinate campus-wide PDF solutions.
• End users are encouraged to use accessibility checkers when integrated into software.

eLearning/Library in collaboration with Accessibility Coordinator:

• Should implement procedures to ensure that materials digitized or hosted by the library for research purposes are accessible to individuals with disabilities.

Departments and programs in collaboration with Accessibility Coordinator:

• Shall follow the accessibility requirements outlined in these procedures when creating, using, and distributing conventional electronic documents, such as Word documents, PDFs, presentations, and spreadsheets.
• Shall provide accessible conventional electronic document instruction, guidance, and support for campus community members to ensure all individuals, including those with disabilities, can effectively access and use these materials.
• Should encourage faculty, staff, and students to use accessible formats when creating and sharing electronic documents, ensuring that all content is usable and inclusive.
• Should collaborate with the Accessibility Coordinator and Technology Services to address any issues related to the accessibility of conventional electronic documents and make improvements where necessary.

Departments and/or programs shall purchase and produce only accessible multimedia and shall update existing inaccessible media as it is put into use. Applications should meet college purchasing standards. All media resources used in college programs and activities must be accessible. This includes, but is not limited to, instructional, informational, marketing, and promotional media .

3.1 Responsibility

Technology Services/Community Relations:

• Shall maintain and continue to provide instruction on media accessibility (such as captioning and audio-describing media and transcribing audio), as well as how to display captioned media in classrooms.
• Shall incorporate accessibility information into faculty training on the use of audiovisual equipment.

eLearning:

• Shall incorporate captioning and media accessibility information into training.
• Shall coordinate campus-wide captioning and transcription solutions that:
• Provide assistance with obtaining permission to caption and audio-describe.
• Disseminate information to the college community about college protocols related to accessible electronic media, including a list of approved vendors to perform captioning.

Community Relations:

• Shall produce communications and promotional materials including social media posts that are captioned, audio-described or transcribed.

Library:

• Shall maintain a library of transcribed audio and captioned video resources available for faculty, staff, and student use.
• Shall maintain a record of the commercial availability of copyrighted media resources.
• Shall assist faculty in identifying materials that are captioned before purchase.

Departments, programs, instructors and employees:

• Shall purchase only captioned versions of audiovisual media whenever possible.
• Shall ensure that all other media used on the web or in instruction is captioned.
• Shall purchase only transcribed audio and audio-described versions of audiovisual media whenever possible.
• Shall update any non-transcribed audio and any non-captioned/non-described video that is currently in use.
• Shall use only transcribed audio and closed-captioned media with audio descriptions that are made available in a timely manner to the class.
• Shall only assign such media as course material, whether optional or required.
• All videos (professionally or internally produced) used in courses and shared on campus websites or video storage sites (such as YouTube and Vimeo) shall be captioned.
• Students and employees may request that recordings of course sessions and presentations created for and during a course, and used only during that course, be captioned.
• Shall assess the availability of audio descriptions and create a plan for meeting audio description standards for use on campus.
• Audio description videos shall be acquired and created when technology permits.

Web pages, websites, and web-based software published, hosted, or used (including remotely hosted sites and software) by the college shall meet the guidelines and success criteria outlined in the Level AA, published by the W3C. All pages shall meet WCAG 2.1 AA success criteria with limited exceptions as outlined in Title II, 35.201 of the Americans with Disabilities Act and Washington State USER-01 Policy.

Regardless of exceptions, the college shall provide individuals with disabilities effective communication, reasonable modifications, and an equal opportunity to participate in or benefit from college services, programs, and activities.

4.1 Responsibility

Community Relations:

• Shall ensure that any Content Management System (CMS) and other web production or web object creation software proposed and supported by Technology Services shall be accessible and shall produce accessible web pages.
• Shall coordinate instruction and support for campus community members supplying and creating content for college websites to ensure that individuals who author web content shall do so in accordance with WCAG 2.1 Level AA Guidelines.
• Shall review updates and new content created by designated content editors prior to publishing for accessibility compliance.
• Shall compile and maintain data to track compliance with the policy and procedures and make recommendations for addressing any issues.
• Webpages published or hosted by the college on or after April 24, 2026 shall aim to be accessible according to WCAG 2.1 Level AA standards. Upon a specific request for access by an individual with a disability, the college shall update non-accessible pages to comply with the WCAG 2.1 Level AA standard or otherwise make the content available to the individual in a timely manner.
• Where it is not possible to make a web page directly accessible due to technical or legal limitations, the college shall provide a conforming alternate version that provides equivalent access.

Departments and programs:

• Shall comply with web accessibility standards when creating web content, websites, and programs.
• Shall ensure that online activities are hosted in accessible environments and that online content adheres to the standards outlined in this procedure.
• The college shall identify a strategy to ensure that webpages providing essential student functions are accessible.
• College program and department websites shall link to the college鈥檚 main accessibility page, which includes a statement of commitment to web accessibility and provides a method for reporting barriers and/or requesting an alternative format that ensures equivalent access.

Software, hardware, and systems purchased or implemented by the college shall be accessible and shall produce accessible products. In this context, "accessible" means either directly or by supporting the use of assistive technology.
Examples of software, hardware, and systems include, but are not limited to:

• Learning and content management systems
• Library and email systems
• Administrative management systems such as finance, registration, and human resources
• All software, hardware, and software services used for student services. This applies to all types of software, including freeware, shareware, desktop, enterprise, subscription, and remotely hosted options.
• Software accessed through a web browser shall comply with the web accessibility standards outlined in Section 4 of these procedures.
  Examples of technology that shall not be considered accessible include:
• Videos without closed captioning
• Web applications that cannot be read by screen readers
• Computer kiosks that are inaccessible to individuals using wheelchairs

5.1 Responsibility

Suppliers and vendors shall demonstrate that all IT products and services provided to the college conform to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards, as defined by the World Wide Web Consortium (W3C).
Acceptable documentation of conformance includes one of the following:

• An independent, third-party Accessibility Conformance Report (ACR) prepared by a qualified accessibility consultancy, or
• A completed Voluntary Product Accessibility Template (VPAT) using the VPAT 2.5 format, which is based on WCAG 2.1 Level AA standards.
  The college shall validate accessibility documentation submitted by vendors or suppliers to ensure that the product or service meets applicable accessibility requirements under federal and state laws and policies.

Accessibility Coordinator:

• Shall review all submitted Voluntary Product Accessibility Templates (VPATs) and Accessibility Conformance Reports (ACRs) for currency, completeness, accuracy, and conformance with WCAG 2.1 Level AA success criteria.
• Shall request additional documentation or clarification from vendors as needed to ensure a comprehensive understanding of the accessibility of the product or service.
• Shall consult with qualified third-party evaluators who have assessed the product or service for accessibility, or conduct an internal evaluation when appropriate.
• Shall require and assess a written remediation plan from the vendor for any identified accessibility deficiencies, including timelines for correction, and shall advise on contractual language to ensure enforceability of remediation obligations.

Technology Services:

• Shall ensure that assistive technologies are readily available to students using campus computer labs and other publicly accessible computing environments.
• Shall ensure that assistive technologies are provided in a timely manner to campus employees, including student employees, upon request or as required for access.
• Shall ensure that all internally developed applications (web, desktop, mobile, or other platforms) conform to the WCAG 2.1 Level AA, WAI-ARIA 2.0, and ATAG 2.0 standards, extrapolated as necessary for non-web-based technologies.
• Shall prioritize the evaluation of electronic and information technology (EIT) used by current students, prospective students, and the general public, and shall notify the Accessibility Coordinator of any technology requests submitted by departments or employees鈥攚hether free, grant-funded, purchased via PCARD, or acquired through ctcLink鈥攖o facilitate an accurate and thorough accessibility evaluation.

Departments and programs/college employees:

• Shall complete a Service Agreement / Software Request Form to notify Technology Services of any intent to purchase, subscribe to, or implement technology solutions.
• Shall aim to ensure that all purchased or locally managed software, hardware, interfaces, modifications, and electronic systems are accessible to individuals with disabilities.
• Shall proceed with the purchase of electronic and information technologies (EITs) only if they are accessible, except where doing so would impose a fundamental alteration of a program or activity or result in an undue financial or administrative burden. In such cases, the department shall work with the Accessibility Coordinator to provide an accessible alternative.
• Shall work with the Accessibility Coordinator and Technology Services to develop a proactive review strategy for academic and operational hardware, with the goal that only hardware with accessible options鈥攕uch as accessible door access systems and educational technology鈥攁re selected for campus-wide deployment or instructional use.
• Accessibility Coordinator & Campus Accessibility Work Group:
  Shall coordinate campus-wide processes to ensure the accessibility of software, hardware, and electronic systems procured or developed by the college.
• Shall convene regular meetings to assess progress, review compliance data, and address emerging accessibility concerns.
• Shall compile, analyze, and maintain records to track compliance with accessibility procedures and recommend strategies for resolving identified gaps.
• Shall develop and maintain a college-wide strategy to ensure the ongoing accessibility of learning management systems, instructional technologies, and course materials.
• Shall oversee and support the implementation of a program to provide education, training, and resources related to the accessible use of classroom technology, including but not limited to student response systems, podium interfaces, blogs, and educational software.
• Shall ensure that campus computer labs meet EITA-recommended configurations and procedures, as outlined by Technology Services.
• Shall include representatives from the following areas to ensure a cross-functional approach to accessibility compliance:
• Accessibility Coordinator
• Director of Technology Services (CIO)
• Director of Community Relations (PIO)
• eLearning Coordinator or Instructional Designer
• Web Content Coordinator
• Public Records Officer
• Office of Institutional Effectiveness
• Procurement
• Library and Media Services
• Instruction Services and Faculty
• Student Services and Disability Support Services

Accessible
鈥淎ccessible鈥� means that individuals with disabilities are able to independently acquire the same information, engage in the same interactions, and benefit from the same services as individuals without disabilities, within the same timeframe and with substantially equivalent ease of use.

Alternative Format
鈥淎lternative format鈥� refers to a format that presents information in a manner that allows equal access for individuals with disabilities. Examples include braille, large print, audio recordings, and accessible digital text.

Assistive Technology (AT)
鈥淎ssistive technology鈥� refers to software or hardware used by individuals with disabilities to access electronic content or perform functions that might otherwise be difficult or impossible. Examples include screen readers, magnification software, speech recognition software, and alternative input devices.

Captioning
鈥淐aptioning鈥� refers to the textual representation of spoken words and sounds displayed on a video or multimedia presentation to ensure access for individuals who are deaf or hard of hearing. Captions may be closed (toggle on/off) or open (always displayed).

Disability
鈥淒isability鈥� refers to an actual, perceived, or non-apparent physical, sensory, mental, or cognitive condition that substantially limits one or more major life activities.

Electronic and Information Technology (EIT)
鈥淓lectronic and Information Technology鈥� or 鈥淓IT鈥� refers to information technology and any equipment, system, or subsystem used in the creation, conversion, storage, duplication, transmission, or display of data or information. This includes, but is not limited to:

• Internet and intranet websites
• Digital content and electronic publications (e.g., e-books and e-readers)
• Learning management systems
• Multimedia and classroom technologies (e.g., personal response systems or "clickers")
• Search engines and databases
• Administrative systems such as human resources, finance, and registration
• Office equipment such as classroom podiums, copiers, and fax machines
• Telecommunications devices (e.g., telephones)
• Information kiosks and Automated Teller Machines (ATMs)
• Computers, software, firmware, ancillary equipment, support services, and related resources

Equivalent Access
鈥淓quivalent access鈥� means that any instance of non-conformance with WCAG 2.1 Level AA standards must not prevent individuals with disabilities from using electronic and information technology in a way that ensures substantially equivalent:

• Timeliness 鈥� Information is available at the same time as for users without disabilities
• Privacy 鈥� Personal information is protected equally
• Independence 鈥� No unnecessary assistance is required to use the technology
• Ease of Use 鈥� Access requires no greater effort than for those without disabilities

Equivalent access must allow individuals with disabilities to:

1. Access the same information
2. Engage in the same interactions
3. Conduct the same transactions
4. Participate in or benefit from the same services, programs, and activities

Hardware

Hardware refers to physical devices and components that are specifically designed, modified, or configured to assist individuals with disabilities in interacting with and utilizing digital systems or environments. This includes input and output devices, adaptive technologies, and environmental controls that enable users with sensory, physical, or cognitive impairments to access, navigate, and engage with technology effectively.

Remediation Plan
鈥淩emediation plan鈥� refers to a documented strategy developed by a vendor or internal party to bring an inaccessible technology product or content into compliance with accessibility standards, including clear deadlines and deliverables.

Student Response Systems

Student response systems (SRSs), also known as classroom response systems, audience response systems, or clickers, are interactive technologies that allow instructors to gather student responses to questions or polls in real-time.

Section 508
鈥淪ection 508鈥� refers to the federal law (29 U.S.C. 搂 794d) requiring that all federal agencies鈥� EIT be accessible to people with disabilities, and serves as a baseline accessibility benchmark adopted by many states, including Washington.

Voluntary Product Accessibility Template (VPAT)
鈥淰PAT鈥� is a standardized form used by vendors to describe how their product conforms to accessibility standards, including WCAG, Section 508, and EN 301 549. VPAT 2.5 is the latest version aligned to WCAG 2.1 Level AA.

WAI-ARIA (Web Accessibility Initiative 鈥� Accessible Rich Internet Applications)
鈥淲AI-ARIA鈥� is a technical specification from the W3C used to improve the accessibility of dynamic content and user interface components developed with JavaScript and similar technologies.

WCAG (Web Content Accessibility Guidelines)
鈥淲CAG鈥� is a set of international guidelines developed by the World Wide Web Consortium (W3C) to make web content more accessible to people with disabilities. WCAG 2.1 Level AA is the standard referenced in most U.S. laws and policies.

Web Accessibility
鈥淲eb accessibility鈥� means that websites, tools, and technologies are designed and developed so that people with disabilities can use them. More specifically, people can perceive, understand, navigate, and interact with the web and contribute to it.

• Americans with Disabilities Act of 1990 (ADA), and the
• Washington State Core Services RCW 28B.10.910-916,
• Washington State Policy USER-01 鈥�

Request for Mobile Device Allocation and Utilization:

Employees who require cellular service for college business must submit written request to their respective supervisor, dean/director, and vice president. If approved by those individuals the written request should be submitted to the president.  The president will review the request to ensure the employee meets the criteria for cell phone usage. Approved requests will be forwarded to the Director of Business and Accounting Services for processing.

• Administrative Procedure 1.12 Equipment Use

麻豆视频鈥檚 Technology Master Plan & Planning Process (TMPPP) provides a strategic framework for identifying, integrating, and sustaining technology solutions that support the college鈥檚 mission and institutional objectives. As a living document, the TMPPP guides the management of technology assets.

Through the annual budget planning cycle, technology needs are assessed and documented using input from President, Vice-President鈥檚, Deans and/or Directors, inventory reviews, system lifecycle evaluations, and security requirements. These needs are then evaluated by Technology Services to ensure alignment with security, accessibility, and integration standards. Proposed initiatives are reviewed by the appropriate administrative leadership for budget consideration and final approval, ensuring a coordinated and sustainable approach to advancing YVC鈥檚 technology environment.

Technology Services maintains Polices, Procedures, and Standard Operating procedures.  The Board of Trustees directs the college president and administration to develop and implement procedures and standards to ensure the integrity and security of all campus IT facilities, resources, and services managed by YVC.

麻豆视频 IT policies and standards are foundation to institutional guidance, adhering to Washington Technology Solutions (WaTech) standards and overseen by the Technology Services Board (TSB). Policies and procedures require periodic updates to address evolving technology, legal requirements, and emerging security threats, ensuring governance and compliance.

Beginning in 2022, 麻豆视频 has made strategic improvements towards modernizing its technology systems to better support students, faculty, and staff. The following highlights showcase YVC鈥檚 progress and ongoing commitment to innovation, resilience, and academic excellence. Each initiative strengthens YVC鈥檚 technology infrastructure and enhances the campus community鈥檚 access to reliable, secure, and inclusive technology. 

1. State of YVC鈥檚 Technology Systems
On November 9, 2023, Technology Services presented the state of technology and requested updated technology to the Board of Trustees (BOT). This request was approved on January 11, 2024. Before January 2023, YVC鈥檚 Technology Services faced risks from an aging network, including security vulnerabilities, hardware failures, decreased productivity, higher maintenance costs, limited functionality, and inflexibility. In January 2023, Technology Services secured one-time funding to update its technology infrastructure, divided into three major sections: network devices (switches, access points, battery backups, servers/storage), hardware (phone system, classroom, meeting room, copiers, printers, computers, monitors), and software (SQL server and Intune). This funding helped mitigate risks associated with an aging network.

Network
The network administrators are currently working on updating an archaic phone system.  They have also begun updating battery backups and switches.

As part of the infrastructure modernization, significant upgrades were made to YVC鈥檚 network backbone to improve performance, reliability, and security. Technology Services replaced aging switches, access points, and battery backup systems across campus, enabling faster connectivity and more stable wireless access. 

These upgrades addressed previous concerns about network instability and provided a scalable foundation to support future growth and a more secure network.

System Administration
The system administrators recently installed new production, disaster recovery, and virtual desktop systems. New servers and storage solutions were also deployed to support modern applications, improve data access speeds, and enhance business continuity.

To strengthen operational resilience and user flexibility, YVC鈥檚 system administrators implemented key upgrades to disaster recovery and virtualization platforms. A refreshed backup and disaster recovery strategy now ensures quicker restoration of services and minimizes data loss in the event of a system failure or cyber incident. In parallel, the deployment of a Virtual Desktop Infrastructure (VDI) provides secure, remote access to campus computing resources, allowing faculty, staff, and students to access critical applications from virtually any location. These enhancements not only support continuity of operations but also align with best practices in cybersecurity, accessibility, and academic flexibility.

Applications
There are many behind the scenes processes that assist the college information systems in running smoothly.  These processes may do anything from manage data from SBCTC/ctcLink or automate student and staff computer account lifecycle.  

Technology Services developers have created multiple applications, including Roleout, IDVerify, myAD, myID, Trac-it, and Register. These tools assist both staff and students in various ways. Roleout, IDVerify, and myAD assist staff with assigning and managing user roles. Meanwhile, Register, myID, and Trac-it securely facilitates email generation, ID cards, and track campus resource usage. 

2. Cybersecurity
Cybersecurity has made significant progress in recent years. On May 18, 2023, YVC assisted in hosting a tabletop cybersecurity event. On June 13, 2023, YVC launched Multifactor Authentication (MFA) for both staff and students across Microsoft and ctcLink applications. On April 16, 2024, a new Information Security Officer (ISO) was appointed at YVC. Additionally, student Microsoft/Canvas password enhancements were implemented on August 19, 2024. 

As part of YVC鈥檚 commitment to continuous improvement, the college consistently evaluates and seeks new strategies and technologies to enhance its cybersecurity posture. This includes ongoing reviews of security policies, proactive monitoring, and collaboration with industry partners to identify emerging threats and best practices.

3. Technology & Classroom Support
Tech Services help desk staff received funding from both Universal Design for Equity and Accountability in Learning (UDEAL) and the State of YVC鈥檚 Technology Systems funding from January 2023. This team has implemented 1600 windows 11 upgrades, 179 desktops, 126 monitors, 88 laptops, 35 copiers, 20 projectors, 5 Wacom, 3 large displays, to name a few.

4. ctcLink
Deployment Group 6 ctcLink project is a $145 million, decade-long project to move from Legacy to a modern platform on a shared system for the 34 SBCTC schools. In May of 2022, YVC joined the ctcLink family.

• 6.03 Acceptable Use of YVC Computers