Skip to Content - Skip to Navigation

IT Policies and Guidelines

 

Not What You’re Looking For?

or Browse by Categories

Click any item to add it to your Browse by Categories list.

IUP IT Security is governed via a distributed set of policies, procedures, and guidelines some of which in turn refer to both internal and external laws and policies that impact IT security at the university.

This distributed approach results from the fact that a number of broad governing policies, etc. (such as a variety of laws, general university policies, employment terms/CBA, the student handbook, FERPA regulations, IUP’s Gramm-Leach-Bliley Information Security Plan, and IUP Retention of University Records Policy) include elements that apply to IT security. Therefore, any attempt to create an all-encompassing IT Security Policy would run the risk of including conflicting and/or inaccurate components as those broader policies, etc. would change over time and/or new governing policies, etc. are introduced.

Any IT security-specific policy, procedure, or guideline is created when these broad policies, etc. fail to address needs. Examples include the Acceptable Use of Information Technology Resources and the Information Protection policies, the Enhanced PC User Privilege Procedure, and the Mobile Device Security Guidelines. A comprehensive list of these specific policies, procedures and guidelines can be found on the IT Support Center website.

The creation of IT security-specific policies, procedures, and guidelines are overseen by the chief information officer (CIO) or their designee. The CIO is responsible for escalating IT security-related policies to the Senate Library and Educational Services (LESC) Committee for action, with approval by the full Senate. Related procedures and guidelines do not require Senate review.

Details concerning duties and responsibilities, enforcement methods, or potential sanctions for IT security activities across different roles and organizations are contained in the various policies, procedures, and guidelines. 

IUP’s IT security office is responsible for maintaining IT security policies, procedures, and guidelines to ensure that each remains accurate and effective. Although IUP does not have a single information security officer, the IT security office is also responsible for fielding inquiries related to information security and routing inquiries to the appropriate governing entities depending upon which policy, procedures, and/or guidelines are relevant.

Related Information

Confidential Information Addendum for Contractors

Information Security Awareness Handout

Information Protection Procedures

FERPA

Last modified on 3/17/2016 11:00:07 AM
URL: http://www.iup.edu/templates_old/itsupportcenter/howto.aspx?id=169762