INFORMATION MANAGEMENT AND SERVICES: Technology Services

Policies, Standards & Guidelines

Policies

These are high-level statements of the University’s goals and objectives with the intent to be long-lasting.  They outline specific requirements or rules that must be met.

Standards

These are mandatory rules of measure; collections of system-specific or process-specific requirements that must be met.  Standards are designed to provide policies with the support structure and specific direction they require to be meaningful and effective.

Guidelines

These are recommended models or general statements designed to achieve policy objectives by providing a framework for developing or implementing procedures, processes, or practices; guidelines may utilize or refer to standards.

Security References and Information Technology-related policies from the Handbook of Operating Procedures:

Chapter 1 - Administration and Organization

1.3 EXECUTIVE OFFICERS
1.3.5 Vice President and Chief Information Officer
pdf icon

1.7 STANDING COMMITTEES

1.7.4 Computing Resources Committee

Chapter 2 - General Policies & Procedures

2.2. INFORMATION MANAGEMENT

2.2.1 Records and Information Management and Retention
(Record Retention Guidance for E-mail)

2.2.2 Information Security

2.2.3 Family Educational Rights and Privacy

2.2.6 Release of Records and Requests for Personal Information
2.3 LEGAL AFFAIRS

2.3.2 Use of Copyrighted Material
2.4 ETHICS AND STANDARDS OF CONDUCT

2.4.1 Code of Ethics and Standards of Conduct

2.4.2 Personal Use of University Resources, Equipment and Assets
2.5 ADMINISTRATIVE AND SUPPORT DEPARTMENTS

2.5.5 Library
2.7 MISCELLANEOUS

2.7.3 Fraud Policy

Chapter 4 - General Personnel Policies

4.4 BACKGROUND INFORMATION CHECKS

4.4.1 Criminal Background Checks for Security Sensitive Positions

4.5 EMPLOYMENT ADMINISTRATION

4.5.6 Ending Employment (Exit/Clearance Form)

4.5.17 Personnel Records

4.7 WORK AND LEAVE ADMINISTRATION

4.7.10 Telecommuting

4.10 EMPLOYEE DEVELOPMENT AND TRAINING

4.10.1 Compliance Training

4.10.4 Disciplinary Actions for Failing to Attend Compliance Training Sessions

Chapter 5 - Information Management & Services

5.2 TELECOMMUNICATIONS AND NETWORKING

5.2.9 Computer Networking Policies

5.4 OFFICE OF EDUCATIONAL RESOURCES

5.4.4 Copyrighted University Materials

5.4.5 Web Use Policy and Guidelines

5.5 COMPUTING RESOURCES

5.5.2 Organization and Services

5.5.4 Access to Central Resources

5.5.5 Guidelines for Central Computing Use

5.5.6 Data Ownership and Client Responsibility

5.5.7 Electronic Information Retention

5.5.8 Software Policy

5.5.9 Email Use

5.5.10 Internet Use

5.5.11 Computer Crimes Law

5.5.12 Using Electronic Communications for Broadcast

E-mail Notifications and Distribution of Information
5.8 INFORMATION SECURITY

5.8.1 Information Security Function

5.8.2 Definitions

5.8.3 Computer Crimes Law

5.8.4 Access Control and Password Management

5.8.4 Password Security Standard


5.8.4 Password Security Guideline

5.8.5 Information Security Incident Reporting Policy

5.8.6 Computer Incident Response Policy

5.8.7 Network Access Policy

5.8.8 Computer Network Security Configuration

5.8.9 Computer Virus Protection Policy

5.8.10 Acceptable Use of Information Resources

5.8.11 Peer-to-Peer Access Policy

Unauthorized Peer-to-Peer (P2P) Software list

5.8.12 Portable Computing Policy

5.8.13 Security Monitoring

5.8.14 Administration of Security on Server Computers

5.8.14 Server Security Standard

5.8.15 Technical Support Representative (TSR) Policy

5.8.16 Administrative System Access Controls (ACE Program)

5.8.17 Information Security Training and Awareness Policy

5.8.18 Third-Party Management of Information Resources

5.8.18 Third-Party Risk Assessment Security Standard

Information Security Third-Party Assessment Survey

5.8.19 Administrative and Special Access Policy

5.8.20 Information Resources Privacy Policy

5.8.21 Data Classification

5.8.21 Protection By Data Classification Standard

5.8.22 Data Media Control

5.8.22 Media Control (Accountability) Security Standard

5.8.22 Media Control (Data Destruction) Security Standard

5.8.22 Media Control (Data Destruction) Security Guidelines

5.8.23 Data Backup Policy

5.8.23 Backup Security Guideline

5.8.24 Change Management Security Policy

5.8.25 Systems Development Security Policy

5.8.26 Electronic Information Security Risk Management

5.8.26 Electronic Information Security Risk Assessment Security Standard

5.8.27 Physical Security for Electronic Information Resources

5.8.27 Physical Security for Electronic Information Resources Standards

5.8.28 Administration of Security on Workstation Computers

5.8.28 Workstation Security Standard

5.8.29 Web Application Security

5.8.29

5.8.29 Web Application Security Standard

5.8.29

Chapter 6 - Fiscal Policies & Procedures

6.3 PROPERTY CONTROL

6.3.3 Deletion of State Property

Electronic Storage Device Disposal Request

Property Deletion Request

Software Deletion Request

6.3.8 Property Removal Permit

Property Removal Permit

Chapter 8 - Health and Safety

8.6 STUDENT RIGHT-TO-KNOW AND CAMPUS SECURITY ACT

8.6.1 Student Right to Know and Campus Security Act

8.7 UNIVERSITY POLICE

8.7.2 Security

8.7.5 Property Removal

Property Removal Permit

8.7.7 Security Sensitive Positions

8.7.9 Key/Card Keys

8.7.10 Identification Badge Policy

8.7.11 Contractors and Vendors

Chapter 11 - Patient Privacy Policies

11.1 GENERAL AND OVERSIGHT POLICIES

11.1.5 Patient Health Records

11.1.6 Confidentiality of Patient Health Information

Confidentiality/Security Acknowledgement

11.1.14 E-Mailing Protected Health Information
11.4 EDUCATION

11.4.1 Education and Training on Patient Privacy

Chapter 12 - Intellectual Property

12.1 TECHNOLOGY DEVELOPMENT

12.1.1 Intellectual Property Policy

More on Web Policies.

Top