Information Technology Policies and Procedures

Introduction

University information technology resources constitute a valuable University asset that must be managed accordingly to ensure their integrity, security, and availability for teaching, research and business activities. Carrying out this mission requires the University to establish basic Information Security policies and standards and to provide both access and reasonable Security at an acceptable cost. The University Information Technology Policies and Procedures are intended to facilitate and support authorized access to University information.

The purpose of the University Information Policies and Procedures is:

• To establish University-wide Protocol for Information Security.
• To help identify and prevent the compromise of Information Security and the misuse of University information technology resources.
• To protect the reputation of the University and to allow the University to satisfy its legal and ethical responsibilities with regard to its information technology resources.
• To enable the University to respond to complaints and queries about real or perceived non-compliance with the University Information Technology Policies and Procedures.

Defined Terms

The definitions of capitalized words and phrases in these Policies and Procedures have special meanings. Their definitions appear in Appendix A and readers should review those terms prior to reading these Policies and Procedures and thereafter refer to them as needed.

Responsibility

Authorized Users of University information technology resources are personally responsible for complying with all University policies, procedures and standards relating to Information Security, regardless of campus center or location and will be held personally accountable for any misuse of these resources.

Amendments

Proposals for amendments to this document may be submitted to the Information Technology Services Department for review. If the review results in the need to amend the Information Technology Policies and Procedures Manual, Information Security personnel and the Vice President and General Counsel will draft the proposed amendment. The proposed amendment will be forwarded to the Information Technology Policies and Procedures Review Committee. Upon approval by that committee, the proposed amendment will be forwarded to the Executive Staff for review and if approved, for inclusion in the Information Technology Policies and Procedures Manual.