IT Policy on Policies

Version 1.4

For Students, Faculty, Staff, Guests, Alumni


This policy defines how policies regarding information technology are developed at Fordham University.


This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • All policies must be developed following the Procedure on Developing IT Policies.
  • All policies must have a “responsible person” assigned to the policy. This person is in charge of authoring the policy and its review. This person must be Director level or higher. 
  • All policies must have a review frequency of no less than one year and no greater than three years. 
  • All policies must obtain the proper approvals to be valid.  
  • The AVP/CISO is responsible for all policies impacting the Office of Information Technology. 
  • Policies may also require approval from the Office of Legal Counsel (OLC). 
  • All policies and related procedures must use the templates provided by the Senior Director of IT Security and Assurance or have been approved by the AVP/CISO. 
  • Initial procedures issued with a policy must also follow the same approval process as its associated policy. 
  • Significant changes to policies, regardless of scope, must obtain AVP/CISO approval. 
  • If required, changes to policies should receive the OLC’s approval. 
  • Minor changes to policies or procedures only require the approval of the Senior Director of IT Security and Assurance.

Related Policies and Procedures

Implementation Information

Review Frequency: Triennial
Responsible Person: Senior Director of IT Security and Assurance 
Approved By: CISO
Approval Date: June 1, 2016

Revision History

Version: Date: Description:
1.0 06/01/2016 Initial document
1.0.1 05/23/2017 Updated disclaimer and scope
1.1 08/14/2019 Updated policy statement
1.2 03/23/2020 Updated policy statement
1.3 03/04/2021 Updated purpose and statement
1.4 08/07/2023 Updated policy statement

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) may only be done cooperatively between ISA and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Failure to adhere to ISA written policies may be met with University sanctions. 

 Need Help?

Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours