Skip to main content


Information security policies underpin the security and well being of information resources. They are the foundation, the bottom line, of information security within any institution. The Information Security policies are formal statements that specify a set of rules that all users must follow when gaining access to UC’s information and information systems.

Policies are high-level management directives, and they are mandatory. A policy has four parts: purpose, scope, responsibilities, and compliance. The purpose will describe the need for that policy. The scope will describe what systems, people, facilities, and organizations are covered by the policy. The responsibilities are those of the information security staff, policy and management teams, and of the whole organization. In order to be in compliance, a policy will be judged on how effective it is and what happens when it is violated.

Applicable to UC

 Policy  Number  Policy Name Link

Policy 9.1.1 Data Protection Policy PDF Approved
Policy 1.8.4 Health Insurance Portability and Accountability Act Policy
Reasonable Safeguards for PHI
Users and Disclosures of PHI
Individual Rights under HIPAA
PDF Approved
Policy 9.1.10 HIPAA Information Security Policy
HIPAA Administrative, Physical &  Technical Safeguards
PDF Approved
Policy 9.1.2 Vulnerable Electronic Systems Policy PDF Approved
Policy 9.1.23 Passwords Policy PDF Approved
Policy 9.1.25 Data Center Visitor Tours Policy PDF Approved
Policy 9.1.26 Mobile Privacy Policy PDF Approved
Policy 9.1.6 Acceptance of Risk Policy PDF Approved
Policy 2.1.7 Wireless Communication Stipend Policy PDF Approved
Policy 1.8.4 Electronic Signature Policy PDF Approved
 N/A Domain Name System Policy HTML Approved
 N/A Information Technology Management  Policy PDF Approved
 N/A Internal Mass Communications Policy PDF Approved
 N/A Network Connection Policy PDF Approved
 N/A Perimeter Firewall Policy PDF Approved
 N/A Student E-Mail Policy PDF Approved
 N/A Use of Information Technology Policy PDF Approved
 N/A Web Policy HTML Approved

Applicable to UCIT

 Policy  Number  Policy Name Link Status
Policy 9.1.14 Privileged Access Policy
UC InfoSec F41 Privileged Access  Agreement
PDF Approved
Policy 9.1.27 Information Security Design &  Architecture Review Policy
Security Review Form
PDF  Approved
Policy 9.1.31 Computer Locking Policy PDF Approved
Policy 9.1.6 Clean Desk Policy PDF Approved

In Process & Proposed Policies

Policies in this section are currently in DRAFT form and have not been formally approved for all audiences. Content may not be complete and/or will likely be updated and hyperlinks may be broken.  Documents may be updated without notice.

 Policy  Number  Policy Name Link Status
Policy 9.1.11 Information Security Emergency Response Policy PDF Proposed

Other UC Policies


To view PDF files, you will need Adobe Acrobat Reader, a free download.