To help quickly locate information, we've created summaries of the most important security policies and standards. The summaries only cover key elements of these policies and standards. If you need more detailed information, you should refer to the full documents given as links provided in the tables below..
Download the Information Security Standards & Guidelines Management Process (PDF) for more information on how ITS-OIS manages the drafting, reviewing, approving, and maintaining of standards and guidelines.
Policies, Standards, and Guidelines
|Type||Title||Status||Description||Information Covered||Governance Groups|
Defines at a high level the roles, responsibilities, and measures required to cost effectively manage risks related to University information resources.
Security Roles and Responsibilities
Key Security Controls
Outlines technology practices and utilization requirements necessary for ensuring University information systems are protected from misuse.
Outlines responsibilities for limiting access to confidential and senstive University information to a business/education need-to-know.
Outlines process for authorizing units to accept payment cards, and campus compliance with the Payment Card Industry Data Security Standard
Payment Card Compliance
Payment Card Oversight Committee
Data Management Standard (PDF)
Outlines the responsibilities and requirements needed to consistently protect the value and security of University data.
Data Management Group
Encryption Standard (PDF)
Defines the requirements necessary for securely managing encryption technologies in order to provide acceptable levels of protection for institutional data and systems.
Logical Control Requirements
Defines the requirements associated with the management of passwords utilized for managing, accessing, and supporting University enterprise information systems.
Password Creation and Management
Define the required processes and controls needed to effectively identify, analyze, report, and manage information risks related to University information assets.
Information Security Risk Management
Define the specific minimum technical security practices needed to protect different types of University information resources based on the degree of risk that may be realized should these resources be compromised, stolen, degraded, or destroyed.
Technical Security Measures
Defines University Secure Data Environments and requirements for the secure storage, transmission, and disposal of University Data.
Provides guidance of which campus technologies can be used to securely transmit or store different types of University data.
How to securely transmit and store confidential data.
What practices to avoid to help prevent potential data breach.
Provide guidance and best practices to secure mobile devices to help safeguard both personal and University data.
Mobile device security steps.