Information Technology Security Policy

Version 1.2

For Students, Faculty, Staff, Guests, Alumni


The University's policy is to protect the IT Resources' confidentiality, integrity, and availability commensurate with their risk and value while maintaining accessibility.


This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrators, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • In alignment with the University's strategic plan and oversight from the Board of Trustees, the Information Risk Management Board (IRMB) and the Associate Vice President for IT/Chief Information Security Officer (AVP/CISO) are responsible for approving and ensuring compliance with this policy.
  • The University must:
    • Integrate information security principles into all aspects of the University's activities.
    • Ensure that reasonable security policies, standards, controls, processes, practices, and procedures are established and maintained to safeguard IT Resources.
    • Follow a risk-based approach to protect the assets' confidentiality, integrity, and availability as business needs and IT Resources change.
    • Operate IT security activities effectively, responsibly, and ethically, complying with all global, federal, state, and local laws and regulations.
  • By upholding confidentiality, integrity, and availability, Information Security and Assurance (ISA) must:
    • Secure IT Resources from unauthorized access and alterations.
    • Ensure IT Resources are available to authorized Users.
    • Maintain an information security program aligned with the University IT risk posture that develops, deploys, and supports reasonable security policies, processes, practices, procedures, guidelines, and technologies to protect IT Resources.
    • Provide training to support this policy.
    • Coordinate with the Incident Response Team (IRT) in response to information security incidents, violations, or crimes arising from or relating to the misuse of IT Resources.
    • Work with Public Safety in conducting investigations, preparing reports for the authorities, and supporting authorities conducting their investigations.
  • The University's Vice Presidents and Deans are responsible for championing this policy's information security practices in their departments and schools by supporting recommendations by the AVP/CISO.
  • Users must safeguard IT Resources when using, accessing, and interacting with them.


IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.

Related Policies and Procedures

Acceptable Uses of IT Infrastructure and Resources

Implementation Information

Review Frequency
Responsible Person
Senior Director, IT Security Operations and Assurance
Approved By
Approval Date
May 22, 2018

 Revision History

Initial policy
Updates to disclaimer statement, definitions, and scope
1.1 07/15/2020 Updated policy statement
1.2 09/21/2023 Updated purpose, scope, policy disclaimer, and policy statement

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized University representatives where necessary. Failure to adhere to ISA written policies may be met with University sanctions up to and including dismissal.

 Need Help?

Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours