Policy Statement
Ramapo College of New Jersey, hereinafter “the College”, recognizes that safeguarding the integrity, confidentiality, and availability of its digital assets and sensitive information is not only essential but also integral to its mission as an institution of higher learning. Cybersecurity is not merely a technical concern; it is a fundamental responsibility that impacts every facet of our college community.

While reliance on technology for teaching, learning, research, administrative operations, and communication offers countless benefits, it also exposes the College to a wide range of cybersecurity threats and vulnerabilities. The consequences of a cybersecurity breach can extend far beyond financial loss; it can affect institutional reputation, compromise the privacy of individuals, and disrupt the academic and administrative functions that are the lifeblood of the College.
Adherence to this policy, procedure, and the confidential Cybersecurity Protocols & Compliance Manual seeks to ensure not only the protection of the College’s digital assets but also the continued growth and success of the College.

Reason for Policy
Sets forth policy and procedures to secure the College’s digital environment, recognizing that cybersecurity is a shared responsibility involving the entire Ramapo College community; provides a structured framework to mitigate risks, protect sensitive data, and establish a culture of vigilance and responsibility among staff, faculty, students, and users; also serves as a guiding document for the community, outlining the principles and practices necessary to create a secure and resilient cybersecurity posture.

To Whom does the Policy Apply
All Ramapo employees, students, and users of Ramapo College’s digital environment and its resources.

Supplemental Resources

• Procedure 411: Cybersecurity
• 411A: RCNJ Cybersecurity Protocols & Compliance Manual
• Policy 410: Data Protection (PII)

Procedure 411: Cybersecurity
Procedures to ensure the proper principles, practices, and controls associated with the College’s cybersecurity posture are captured in the User Responsibilities noted below and also in a RCNJ Cybersecurity Protocols & Compliance Manual (CPCM) which is a confidential document.

I. User Responsibilities
Cybersecurity is a shared responsibility. While ITS implements and manages robust security infrastructure, the ultimate protection of our information and systems is a collective effort. Every user is trusted with the duty to safeguard institutional data, protect their credentials, and act as the first line of defense against cyber threats. This includes being vigilant against phishing attempts, practicing strong password management, securing personal devices that connect to the college network, and handling sensitive data with appropriate care. For a complete and detailed outline of your specific obligations, please refer to Policy 604: Acceptable Use for Information and Technological Resources.

II. Cybersecurity Protocols & Compliance Manual (CPCM)
The CPCM shall include, at minimum, the following subjects:

• Key Objectives
• Scope
• Roles and Responsibilities
• Security Awareness and Training
• Access Controls
• Procedures for Encrypting and Protecting Sensitive Data
• Network Security
• Incident Response Plan
• Patch Management
• Auditing, Security Monitoring, and Logging
• Vendor Management
• Compliance and Regulations
• Physical Security
• Business Continuity and Disaster Recovery
• Review and Revision
• Non-compliance
• Stressing Everyone’s Role in Maintaining Cybersecurity
• Communication

The CPCM is reviewed annually by Information Technology Services.

• RCNJ Cybersecurity Protocols and Compliance Manual (pdf)