Skip to main content


Information security policies underpin the security and well being of information resources. They are the foundation, the bottom line, of information security within any institution. The Information Security policies are formal statements that specify a set of rules that all users must follow when gaining access to UC’s information and information systems.

Policies are high-level management directives, and they are mandatory. A policy has four parts: purpose, scope, responsibilities, and compliance. The purpose will describe the need for that policy. The scope will describe what systems, people, facilities, and organizations are covered by the policy. The responsibilities are those of the information security staff, policy and management teams, and of the whole organization. In order to be in compliance, a policy will be judged on how effective it is and what happens when it is violated.

Applicable to UC

 Policy  Number  Policy Name Link

Policy 9.1.1 Data Protection Policy (Data Governance & Classification Policy)
Data Classification Chart
PDF Approved
Policy 9.1.10 HIPAA Information Security Policy
HIPAA Administrative, Physical & Technical Safeguards
PDF Approved
Policy 9.1.23 Passwords Policy PDF Approved
Policy 9.1.25 Data Center Visitor Policy PDF Approved
Policy 9.1.3 Use of Information Technology Policy PDF Approved
Policy 9.1.6 Risk Acceptance Policy PDF Approved

Applicable to IT@UC

 Policy  Number  Policy Name Link Status
Policy 9.1.27 Information Security Design &  Architecture Review Policy
Security Review Form
Security Review Process
PDF  Approved
Policy 9.1.7 Clean Desk Policy PDF Approved

Draft Policies Awaiting Approval

Policy Number Policy Name Link
Policy 9.1.2 Vulnerable Electronic Systems Policy PDF
N/A Acceptable Use of IT Resources Policy PDF

Other UC Policies

To view PDF files, you will need Adobe Acrobat Reader, a free download.