- About OUS
- OUS Vision and Goals
- Chancellor's Office
- Campuses & Centers
- Governance and Reform
- Diversity & Community Engagement
- Doing Business with OUS
- Employment Opportunities
- Policies & Procedures
- University Presidents
- Provosts' Council
- Research & Innovation
- Records Management
- Senate Bill 242
- American Recovery & Reinvestment Act
- OUS/SEIU Classified Staff Negotiations
- Academic Strategies
- Board's Office
- Budget Operations
- Capital and Facilities Planning
- College Access Programs
- Contracts and Purchasing
- Controller's Division
- Accounting & Reporting
- Banner Standards Management
- Business Services
- Payroll Operations
- Treasury Operations
- Policies & Procedures
- Other Resources
- Controller's Site Map
- Finance & Administration
- Government Relations
- Human Resources
- Industry Partnerships
- Institutional Research
- Internal Audit
- Legal Counsel
- Student Success Initiatives
- Risk Management
- State Board of Higher Education
- Board Meetings
- Board Committees
- Board Members
- Board Strategic Plan
- Joint Boards
- Board Minutes and Records
- Policies & Procedures
- Students and Counselors
- Campuses & Centers
- Counselor Resources
- Prospective Students
- Transfer Students
- Transfer Admission
- OUS Campus Transfer Links
- Planning to Transfer in Oregon
- College Costs
- Financial Aid
- Degree Partnership Program
- Pre-College Programs
- Undergraduate Programs
- Graduate Programs
- Teacher Education
- Veterans Benefits
- Reverse Transfer
- Facts and Reports
- Entering Freshman Profile
- Enrollment Watch
- Fact Book
- System & Student Reports
- Tuition & Fees
- University Profiles
- Performance Measurement
- Operating Reports
- Initiative Reports
- Other Databases & Resources
- Alignment and Partnerships
- Contact Us
Policy Guidelines for Electronic Commerce
|Section: Electronic Commerce||Number: 40.005|
|Title: Policy Guidelines for Electronic Commerce|
The policy sets forth policy guidelines for the use of electronic commerce. It applies to all financial transactions performed using an electronic medium which involve use of System facilities, personnel, or other resources.
The Oregon State Board of Higher Education (Board) views electronic commerce as a natural extension of the business processes already conducted by the Board and its seven universities (System). The Board encourages System universities to utilize electronic commerce to improve service to its students, faculty, staff and the public, and to reduce the cost of providing these services. For purposes of this policy, electronic commerce includes all business transactions accomplished using an electronic medium. In all endeavors of this type, the System shall protect the assets of the State, the integrity of the data, the financial and confidential information about the customer, and preserve the trust and confidence in using electronic commerce. This requires an appropriate combination of System and institutional management oversight, and includes sound policies, procedures, technologies, and internal controls.
- 291.038 State agency planning, acquisition, installation and use of information and telecommunications technology; integrated videoconferencing; on-line access service; Stakeholders Advisory Committee; rules.
- OAR 580-040-0005 - Delegation and Assignment of Responsibility
Approved by the Oregon State Board of Higher Education on 6/16/00, with an effective date of 7/1/00.
All Chancellor's Office and institutional personnel with electronic commerce-related responsibilities should be knowledgeable of this policy.
Core Application: An activity which is closely integrated with already deployed student information systems, financial information systems, and/or human resources information systems. It is central to the institution's mission and revenue stream, and is directly and substantially related to students. A core application is usually:
- high dollar volume (hundreds/thousands of dollars);
- high transaction frequency (thousands of transactions);
- broad scope (activity is institution-wide);
- high degree of integration with existing systems (uses existing dedicated computing systems).
Examples of core applications would include tuition payments, housing payments, and fee payments.
Electronic Commerce: A broad term used to describe business transactions conducted using an electronic medium.
Electronic Medium: Mechanism for transferring, storing, and manipulating electronic data using facilities and devices such as telephone, lease lines, the Internet, compact disc, magnetic tape, diskettes, and fiber lines.
In-house Application: System owned or licensed software running on System controlled hardware.
Limited Access System: A server with a dedicated purpose allowing access only to individuals with system critical needs.
Peripheral Application: An activity which is not closely integrated with already deployed student information systems, financial information systems, and/or human resources information systems. It is occasional and incidental to the institution's mission and revenue stream. A peripheral application is usually:
- low dollar volume (tens of dollars);
- low transaction frequency (tens of transactions);
- limited scope (activity is unique to a particular department);
- low degree of integration with existing systems (no existing dedicated computing systems).
An example of a peripheral application would be the sale of a technical report by an academic department.
Security/Secure: Authorization and verification of users, assuring integrity of transaction, and encryption (the conversion of data into a proprietary code or accepted open source standard for security purposes.)
A. CHANCELLOR'S OFFICE
The Vice Chancellor for Finance and Administration or designee shall have oversight responsibility for System provisions as set forth in this policy, and for provisions relative to Chancellor's Office electronic commerce activities.
Each university Vice President for Finance and Administration or designee shall have oversight responsibility on their campus for institutional provisions set forth in this policy.
The Board affirms the need for consistency across all institutions in certain electronic commerce business activities and also recognizes the need for flexibility in others. In furtherance of these objectives, the Board establishes the following standards:
 Each Campus shall develop a privacy statement in accordance with the Federal Family Educational Rights and Privacy Act of 1974 (FFERPA) and complimentary to the DAS privacy statement.
 Accounting practices for electronic commerce transactions shall adhere to appropriate accounting standards as established by the Vice Chancellor for Finance and Administration.
 Financial information transmitted electronically shall be sent using an appropriate level of security. The security technologies used shall, at a minimum, be consistent with standards established by the Oregon State Treasury and meet or exceed common industry standards.
 Credit card authentication shall be performed through a verification service approved by the Oregon State Treasury.
 Sensitive data, including social security numbers, credit card numbers, passwords, and any other similar data whose compromise would have a material negative impact, shall be stored in a secure format unless otherwise approved by the institution's Vice President for Finance and Administration or designee.
 All transactions shall be uniquely serialized and fully journaled to provide a conclusive audit trail.
 All goods and services provided and received shall be routinely reconciled with the accounting records.
 All applications shall comply with all current Board and pertinent State of Oregon public procurement statutes, rules, and regulations. Outsourced core applications shall meet the standards specified by the Vice Chancellor for Finance and Administration or designee. Outsourced peripheral applications shall meet the standards specified by the institution's Vice President for Finance and Administration or designee.
 In-house applications shall occur on limited access systems rather than on general purpose systems (which may be used for miscellaneous other purposes such as e-mail, web hosting, etc.).
 Any non-System advertising connected with electronic commerce shall be approved in accordance with institutional policies.
 Electronic commerce systems shall be fully and securely archived.
 Any effort to divert electronic commerce revenues or compromise systems associated with electronic commerce activities shall be subject to prosecution under Oregon Revised Statues pertaining to theft, alteration of public records, or other applicable laws.
 The System shall periodically review this policy for consistency with DAS policies.
Direct questions about this policy to the following offices:
Subject Contact General questions from institutional personnel Institution Office of Business Affairs General questions from institutional central administration and Chancellor's Office personnel Chancellor's Office Controller's Division
10/15/03 - Reformatted
6/16/00 - Approved
Policy Last Updated: 10/15/03
Appendix Last Updated: 10/15/03