Data Management Policy - Definitions

Definitions

The following definitions apply throughout this Information Security Policy and Practices document:

1. University refers to Suratthani Rajabhat University.

2. Information Security refers to the security of information and communication technology systems at Suratthani Rajabhat University.

3. Supervisor refers to individuals with decision-making authority according to the University’s administrative structure.

4. Computer and Information Center refers to the Computer and Information Center under the Office of Academic Resources and Information Technology, Suratthani Rajabhat University.

5. Chief Information Officer (CIO) refers to an executive or senior manager assigned by the University President to be responsible for ICT operations, in accordance with the Cabinet Resolution dated June 9, 1998.

6. Director of the Computer Center refers to the Director or Deputy Director of the Office of Academic Resources and Information Technology, responsible for overseeing the Computer and Information Center.

7. Standard means a rule or basis for practical implementation to achieve the intended objective.

8. Procedure refers to detailed, step-by-step instructions that must be followed to achieve the specified standard.

9. Guideline refers to non-compulsory suggestions that help users achieve goals more efficiently.

10. User refers to individuals authorized to access, use, or manage the University’s information technology systems. Their rights and responsibilities vary according to roles assigned by the University:

• 10.1 Executives include the President, Vice Presidents, Deans, Directors of Institutes, Offices, Centers, and equivalent positions.

• 10.2 System Administrators are staff assigned to manage servers, network systems, databases, or information systems.

• 10.3 Officers include civil servants, university employees, government employees, and both permanent and temporary staff.

• 10.4 Students are officially enrolled students of Suratthani Rajabhat University.

1. User Access Rights refer to general, specific, privileged, and other types of access rights related to the University’s information systems.

2. External Agencies refer to outside organizations granted access to the University’s data or assets under specified roles and responsibilities, with confidentiality obligations.

3. Information Technology System includes systems that employ IT, computers, and networks to produce, manage, and communicate information. Components include:

• 13.1 Computer Systems comprising hardware, software, and personnel (peopleware) used for data processing.

• 13.2 Computer Networks, including:

   

  • LAN/Intranet: Internal networks connecting computers within the University.

  • Internet: External connections to global internet systems.

   

• 13.3 Data includes personal data, commands, or any processable digital information.

• 13.4 Information refers to processed and organized data made understandable and usable.

1. Information System Workspace includes:

• 14.1 General Working Area for desktops and laptops

• 14.2 System Administrator Area

• 14.3 IT Equipment or Network Area

• 14.4 Data Storage Area

1. Data Owner means an individual authorized to manage and be accountable for specific datasets.

2. Assets refer to data, systems, and IT-related items of value such as network equipment or licensed software.

3. Email refers to the system used for sending and receiving messages including text, images, graphics, video, and audio via computer networks, using protocols such as SMTP, POP3, and IMAP.

4. Account means a registered user ID and password for accessing University IT systems.

5. Password refers to characters used to verify identity and restrict unauthorized access to systems and data.

6. Malicious Code means any code that harms, modifies, or disrupts system operations.

7. Threats are possible or unwanted events that could damage the University’s information systems.

8. Vulnerabilities refer to weaknesses in assets or controls that could be exploited by threats.

9. Information Access or Control refers to permissions or rights granted for accessing or using networks or systems, including external access, and may also define rules to prevent unauthorized access.