UC Information Security Policies
Information security policies underpin the security and well being of information resources. They are the foundation, the bottom line, of information security within any institution. The university Information Security policies are formal statements that specify a set of rules that all users must follow when gaining access to the UC’s information and information systems.
To sort by a column just click on the appropriate column header
| Policy # | Policy Name | Policy Text | Status |
|---|---|---|---|
| Policy 9.1.6 | Acceptance of Risk Policy For forms and more click here |
Proposed | |
| Policy 9.1.7 | Clean Desk Policy Policy | Proposed | |
| Policy 9.1.25 | Data Center Visitor Tours | Proposed | |
| Policy 9.1.1 | Data Protection Policy Data Classification & Data Types Minimum Safeguards Data Protection and Encryption at UC Printer Trade-in and Disposal Advice |
Approved | |
| Policy 9.1.5 | ASP Programming Security Implementation | Proposed | |
| Policy 9.1.8 | Email Retention Policy | Proposed | |
| Policy 9.1.9 | Employee Verification Policy | Proposed | |
| Policy 9.1.1 | Full Disk Encryption Policy | Proposed | |
| Policy 9.1.10 | HIPAA Coverage Policy | Proposed | |
| Policy 9.1.11 | Information Security Emergency Response Policy | Proposed | |
| Policy 9.1.12 | Information Security Forensic Investigation Policy | Proposed | |
| Policy 9.1.23 | Password Policy | Proposed | |
| Policy 9.1.27 | Information Security Design & Architecture Review | Approved | |
| Policy 9.1.13 | Password Reset Policy | Proposed | |
| Policy 9.1.4 | PII Production Data Use | Proposed | |
| Policy 9.1.14 | Privileged Access Policy UC InfoSec F41 Privileged Access Agreement |
Proposed | |
| Policy 9.1.15 | Remote Authentication into Sensitive Accounts Policy | Proposed | |
| Policy 9.1.16 | Security Awareness and Education Policy | Proposed | |
| Policy 9.1.17 | Security Data Retention Policy | Proposed | |
| Policy 9.1.18 | Suspension of Accounts Policy | Proposed | |
| Policy 9.1.19 | System Level Account Policy | Proposed | |
| Policy 9.1.20 | Trusted Entity Policy | Proposed | |
| Policy 9.1.21 | Umbrella Information Security Policy | Proposed | |
| Policy 9.1.2 | Vulnerable Systems Policy | Approved | |
| Policy 9.1.31 | Computer Locking Policy | Approved | |
| Policy 9.1.48 | Server Security Baseline Standard | Proposed | |
| Policy Number | Policy Name | Policy Text | Status |
What is necessary for the success of Security Policies:
For the above security policies to succeed they must follow these guidelines:
- Management must support the policies.
- The policies must be technically feasible.
- The policies must be implemented globally throughout the institution.
- The policies must clearly define responsibilities for users, faculty, administrators and management.
- The policies must be flexible to adapt to changing technologies and institution goals.
- The policies must be understandable.
- The policies must be widely distributed.
- The policies must be enforceable.
- The policies must provide sanctions for users violating the policies.
- The policies must contain a response plan for when security breaches are exposed.