Policies and Standards

The Office of Information Security (OIS) is responsible for developing and maintaining technology policies, standards, and guidelines that ensure the security and integrity of the university's information systems and data. These policies establish the foundation for a secure computing environment, aligning with regulatory requirements, industry best practices, and institutional needs.

Policies

Our policies provide the overarching principles and mandatory requirements that all university members must follow to protect institutional data and IT resources. Key policies include:

Technology Use

• Acceptable Use - Employee
• Acceptable Use - Student
• Acceptable Use - Vendor
• Copyright Infringement and Illegal File Sharing
• Email Policy
• Network Policy
• Web Policy
• Wireless Policy

Privacy and Compliance

• Online Privacy Policy
• Information Security Awareness Policy

Data Security

• Incident Response Policy
• Patch Management Policy
• Change Management

Data and Records Management

• Cloud Storage
• Data Encryption Policy
• Data Classification

Standards and Guidelines

In addition to policies, OIS publishes technical standards and guidelines that detail specific security controls and implementation requirements. These guidelines and standards can be accessed through our Technology Standards and Guidelines site.

Compliance and Enforcement

All university members are expected to adhere to these policies and standards. Non-compliance may result in disciplinary action, loss of access privileges, or other corrective measures. OIS regularly reviews and updates these policies to reflect emerging threats, regulatory changes, and technological advancements.