Information Security and Compliance Policies, Standards, and Guidelines

CSU Information Security Policy

The CSU Information Security Policy provides direction for managing and protecting the confidentiality, integrity, and availability of CSU information assets. In addition, the policy defines the organizational scope of the CSU information Security Policy.  Click here to access CSU Information Security Policy.

CSUDH Information Security Policy

California State University Dominguez Hills is committed to protecting the confidentiality, integrity and availability of campus information assets. It is the policy and practice of California State University Dominguez Hills to abide by the letter and spirit of the Integrated CSU Administrative Manual for Information Security policies and standards. Click here to access CSUDH Information Security Policy.

CSUDH Responsible Use Policy

The California State University, Dominguez Hills (CSUDH) follows CSU Responsible Use Policy; The CSU Responsible Use Policy ICSUAM 8105.00 provides access to information assets for purposes related to its mission and its responsibilities and necessary activities faculty, students and staff. These resources are vital for the fulfillment of the academic, research, and business needs of the CSU community. This policy defines users (e.g., faculty, staff, students, third parties, etc.) and CSU responsibilities with respect to the use of CSU information assets in conjunction with the CSU Information Security Policy.

The CSU regards the principle of academic freedom to be a key factor in ensuring the effective application of this policy and related standards. Academic freedom is at the heart of a university's fundamental mission of discovering and advancing knowledge and its dissemination to students and the public. The CSU is committed to upholding and preserving the principles of academic freedom: the rights of faculty to teach, conduct research or other scholarship, and publish free of external constraints other than those normally denoted by the scholarly standards of discipline.

This policy is intended to define, promote, and encourage responsible use of CSU information assets among the CSU community members. This policy is not intended to prevent, prohibit, or inhibit the sanctioned use of CSU information assets as required to meet the CSU's core mission and campus academic and administrative purposes.

The requirements stated within this policy must not be taken to supersede or conflict with applicable laws, regulations, collective bargaining agreements, or other CSU and campus policies.

Information Technology Security

California State University, requires that each campus implement or adopt a program for providing information security training to employees appropriate to their level of access to campus assets. Click Here to access Information Technology Security Policy and related Guidelines.

Security Awareness

The campus information security awareness program must also promote strategies for protecting information assets containing protected data. Click Here to access CSU Information Security Awareness and Training Requirements.

All employees with access to protected data and information assets must participate in appropriate information security awareness training. When appropriate, information security training must be provided to individuals whose job functions require specialized skill or knowledge in information security.

CSU Policy Page

CSUDH Presidential Memo



  • The CSU is committed to safeguarding the privacy of all visitors to our websites and applications. This notice describes our privacy policy as it relates to the collection, protection, and disclosure of information resulting from the use of University websites and applications; both information that is collected automatically and information that is provided voluntarily. In particular, we do not redistribute or sell personal information collected through our website and applications.
  • CSUDH Privacy Policy


  • CSUDH Copyright Policies
  • Peer-to-Peer File Sharing
    Students should be aware that the unauthorized sharing of peer-to-peer file copyrighted works, including music, pictures, and movies, is a violation of campus computer use policy. It is also illegal and may carry significant money and/or criminal sanctions. It is the responsibility of students who are downloading or uploading documents to make certain that they are not copyrighted works, or that the student has the permission of the copyright holder.  CSU General Counsel Christine Helwick, September 3, 2003

Telephone Policy and Guidelines

CSUDH Web Policy

What Is FERPA?

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) protects the privacy of student education records. FERPA is a federal law that applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

Why Is FERPA Important to Our Campus?

All faculty, staff and students, including temporary employees, student assistants and consultants, must comply with state and federal laws and University policies regarding the access to, and use of, student education records, whether these records are printed or electronic. Maintaining the confidentiality of student education records is everyone's responsibility.

Who Has Access to Student Records?

Only those individuals who have been authorized as having a legitimate reason to access student education records can do so. Access to student education records is strictly limited to the specific information and data that is relevant and necessary for those authorized individuals to perform their job-related duties.

How Can I Obtain Access to Student Records?

Review all the information on this site, presented in the form of a tutorial, to become familiar with the rules governing the handling and release of student education records.

For employees, after completing the tutorial and test, save the Certificate of Completion as PDF and send it to your supervisor who will file it in your official personnel file.

For student assistants, after completing the tutorial and test, save the Certificate of Completion as PDF and send it to your supervisor who will file it in your student personnel file.

For vendors/consultants, after completing the tutorial, save the Certificate of Completion as PDF and send it to your campus sponsor to be included with your contract documents.

A FERPA Certificate of Completion must be renewed every two years.  If an applicant does not have a certificate or if the certificate has expired, the request for access to students’ records, or any other administrative system, will not be processed until a new certificate is issued.

Access to grading and class rosters is granted to faculty when the department assigns a course to faculty.

Where can I complete the FERPA training?

Everyone who has a CSUDH ID account is required to complete a FERPA training. Depending on who you are, you will access FERPA training differently.

For CSUDH faculty, student assistants, and staff, you will complete the FERPA training through CSU Learn. To access CSU Learn, log on to the My CSUDH Portal at MY CSUDH and click on the CSU Learn link under the Quick Launch menu on the left.  In CSU Learn, click on Assigned Learning, then click on Data Security and FERPA to begin your training.

Note: For newly hired employees, your CSU Learn account will be created by the Chancellor's Office based on your employment activation date. It will take approximately three days after your start date before you receive an email message from CSU Learn that the Data Security and FERPA training has been assigned to you.  If you take the Department of Education's FERPA 101 for Colleges and Universities prior to your employment start date, you are still required to take the Data Security and FERPA training since the CSU Learn training is focused primarily on Data Security with only a small portion focused on the FERPA topic.

For individuals who are not employees (e.g., third-party vendors) or volunteers processed through Human Resources Management, you will complete the FERPA 101 for Colleges and Universities training available on the Department of Education website:  FERPA 101: For Colleges & Universities. Once you have completed the training, email your certificate of completion to your CSUDH contact or the contracting department contact at CSUDH.

For questions with problems related to FERPA, My.CSUDH.edu ID account, or CSU Learn, contact the IT Help Desk at 310-243-2500 or Open IT ticket.

Vendor Terms and Conditions (Acceptable Use Policy)

Zoom Acceptable Use Policy

Zoom has a very strong and professional Acceptable Use Policy that governs all uses of Zoom services. This policy defines the standards Zoom expects its Customers and End Users to adhere to while using Zoom services.  Included in this policy is the Reasonable Use information stating that “Zoom provides video conferencing services for business collaboration.  Zoom anticipates that customers will use the services in a reasonable manner, given the business purpose.  As such, Zoom may limit, suspend or terminate access if an End User’s use exceeds reasonable standards…”

Dropbox Acceptable Use Policy

Dropbox is used by millions of people. In exchange, Dropbox trusts their users to use their services responsibly. Dropbox users agree not to misuse the Dropbox services ("Services") or help anyone else to do so. Dropbox Acceptable Use Policy is posted on their website.

Microsoft Acceptable Use Policy

Microsoft Acceptable Use Policy identifies activities that you are prohibited from engaging in when using Microsoft Online Services ("Services" or in the case of an individual service, "Service"), which includes any Service that links to this Acceptable Use Policy.

Blackboard Terms and Conditions

These Terms govern your access to and use of Blackboard software, products, and/or services (individually or collectively, the "Products") and any information, content, text, graphics, photos or other materials uploaded, downloaded, purchased, or appearing on or through the Products (collectively referred to as "Content"). Additional terms or product requirements may apply to our individual Products and are available with the relevant Product. These Terms apply to all visitors, users, and others who access and use the Products ("Users").

G Suite Acceptable Use Policy

Use of the Services is subject to this Acceptable Use Policy ("AUP").

If not defined here, capitalized terms have the meaning stated in the applicable contract ("Agreement") between customer, reseller or other authorized user ("You") and Google.

Palo Alto Networks Acceptable Use Policy

Use of Palo Alto Networks’ WildFire APIs, WildFire threat intelligence (including in the form of data, verdicts, reports, and analysis), and any derivative works based on any WildFire or WildFire-related services (collectively, the “WildFire Technology”) is subject to this Acceptable Use Policy.

Adobe General Terms of Use

These General Terms of Use (“General Terms”), along with any applicable Additional Terms (see section 1.2 (Additional Terms) below) (collectively, the “Terms”) govern your use of and access to our website, customer support, discussion forums or other interactive areas or services, and services such as Creative Cloud (collectively, the “Services”) and software that we include as part of the Services, as well as any applications, including mobile applications, Sample Files and Content Files (defined below), scripts, instruction sets, and related documentation (collectively, the “Software”).