Information Security

The Commonwealth of Massachusetts has enacted a law to protect personal information and data. This law went into effect on March 1, 2010.
The law applies to any record, whether electronic or paper, containing personal information about an individual. It requires the College to establish, maintain, and monitor a comprehensive, written security program that meets specific Commonwealth standards. The law defines “personal information or data” as:

Mobile Device Security Policy

A mobile device such as a smart phone or tablet that connects to the Amherst College email servers and other institutional data servers can be a substantial security risk for the College. To reduce the risk, the College has adopted the following policies.

Lost/Stolen IT Equipment Guidelines


The College and all of its employees are legally obligated to protect sensitive College data. If this data or the network and computer resources that contain it become compromised or threatened due to the loss or theft of information technology equipment, for example a device such as a laptop or smart phone, the College and its employees must immediately take steps to prevent or minimize the harm or damage that could result.

In the event of a loss, these procedures anticipate the rapid execution of each step in order to minimize the impact of the loss.

Service Level Agreements

Service level agreements define what support and services the Amherst IT department provides.

Use of Public IT Facilities

Use of the public computing facilities at Amherst College is subject to the following regulations.

Eligibility for Accounts

This policy applies to accounts for email, web page space, shared file server space, and other general facilities commonly given to members of the Amherst College community. It does not apply to the administrative information system, nor to the course management system.