Policies, standards and guidelines
Policies
These are high-level statements of the university’s goals and objectives, intended to be long-lasting. They outline specific requirements or rules that must be met.
Standards
These are mandatory rules of measure; collections of system-specific or process-specific requirements that must be met. Standards are designed to provide policies with the support structure and specific direction they require to be meaningful and effective.
Guidelines
These are recommended models or general statements designed to achieve policy objectives by providing a framework for developing or implementing procedures, processes, or practices; guidelines may utilize or refer to standards.
Security References and Information Technology-related policies from the Handbook of Operating Procedures:
Chapter 1
1.7 STANDING COMMITTEES
Chapter 2
- 2.2.1 Records and Information Management and Retention
- 2.2.2 Information Security
- 2.2.3 Family Educational Rights and Privacy
- 2.2.6 Release of Records and Requests for Personal Information
Chapter 4
4.4 BACKGROUND INFORMATION CHECKS
4.5 EMPLOYMENT ADMINISTRATION
4.7 WORK AND LEAVE ADMINISTRATION
4.10 EMPLOYEE DEVELOPMENT AND TRAINING
- 4.10.1 Compliance Training
- 4.10.4 Disciplinary Actions for Failing to Attend Compliance Training Sessions
Chapter 5
5.2 SYSTEMS AND NETWORK OPERATIONS
- 5.2.4 Communications Infrastructure and Equipment
- 5.2.5 Protection of Information Resources
- 5.2.6 Electronic Mail Use and Retention
- 5.2.7 Using Electronic Communications for Broadcast E-Mail Notifications and Distribution of Information
- 5.2.8 Internet Use
5.4 EDUCATIONAL MEDIA RESOURCES
5.5 INFORMATION MANAGEMENT CLIENT SUPPORT SERVICES
- 5.5.2 Organization and Services
- 5.5.4 Access to Central Resources
- 5.5.9 Lost or Stolen Communications Equipment
- 5.5.10 Software Policy
- 5.5.13 Technical Support Representative (TSR) Policy
5.8 INFORMATION SECURITY
- 5.8.1 Information Security Program
- 5.8.4 Access Management
- 5.8.5 Information Security Incident Management
- 5.8.8 Information Resource Security Configuration and Management
- 5.8.9 Malware Prevention Policy
- 5.8.10 Information Resources Acceptable Use and Security Policy
- 5.8.12 Mobile Device and Personally-Owned Computing Policy
- 5.8.13 Security Monitoring
- 5.8.17 Information Security Training and Awareness Policy
- 5.8.18 Third-Party Management of Information Resources
- 5.8.19 Administrative and Special Access Policy
- 5.8.20 Information Resources Privacy Policy
- 5.8.21 Data Classification
- 5.8.22 Data Protection
- 5.8.23 Back-Up and Disaster Recovery Policy
- 5.8.24 Change Management Security Policy
- 5.8.25 Systems Development Life Cycle (SDLC) Policy
- 5.8.26 Information Security Risk Management
- 5.8.27 Physical Security for Information Resources
- 5.8.30 Information Security Exceptions
- 5.8.31 Cloud Computing Policy
Chapter 8
8.6 STUDENT RIGHT-TO-KNOW AND CAMPUS SECURITY ACT
8.7 UNIVERSITY POLICE
- 8.7.2 Security
- 8.7.5 Property Removal
- 8.7.7 Security Sensitive Positions
- 8.7.9 Key/Card Keys
- 8.7.10 Identification Badge Policy
- 8.7.11 Contractors and Vendors
Chapter 10
10.1 ETHICS, STANDARDS OF CONDUCT, AND RELATIONSHIPS WITH EXTERNAL ENTITIES
- 10.1.2 Code of Ethics and Standards of Conduct
- 10.1.3 Personal Use of University Resources, Equipment, and Assets
Chapter 11
11.1 GENERAL AND OVERSIGHT POLICIES
- 11.1.1 Notification of Privacy and Security Breaches
- 11.1.5 Patient Health Records
- 11.1.6 Confidentiality of Patient Health Information
- 11.1.12 E-Mailing Protected Health Information
- 11.1.14 Securing Protected Health Information and Mobile Devices
11.4 EDUCATION