Information security policies underpin the security and well being of information resources. They are the foundation, the bottom line, of information security within any institution. The Information Security policies are formal statements that specify a set of rules that all users must follow when gaining access to UC’s information and information systems.

Policies are high-level management directives, and they are mandatory. A policy has four parts: purpose, scope, responsibilities, and compliance. The purpose will describe the need for that policy. The scope will describe what systems, people, facilities, and organizations are covered by the policy. The responsibilities are those of the information security staff, policy and management teams, and of the whole organization. In order to be in compliance, a policy will be judged on how effective it is and what happens when it is violated.

Applicable to UC

 Policy  Number  Policy Name Link

 Policy  9.1.1  Data Protection Policy PDF Approved
 Policy  9.1.10  HIPAA Information Security Policy
 HIPAA Administrative, Physical &  Technical Safeguards
PDF Approved
 Policy  9.1.2  Vulnerable Electronic Systems Policy PDF Approved
 Policy  9.1.23  Passwords Policy PDF Approved
 Policy  9.1.25  Data Center Visitor Tours Policy PDF Approved
 Policy  9.1.26  Mobile Privacy Policy PDF Approved
 Policy  9.1.6  Acceptance of Risk Policy PDF Approved
 Policy  2.1.7  Wireless Communication Stipend Policy PDF Approved
 Policy  1.8.4  Electronic Signature Policy PDF Approved
 N/A  Domain Name System Policy HTML Approved
 N/A  Information Technology Management  Policy PDF Approved
 N/A  Internal Mass Communications Policy PDF Approved
 N/A  Network Connection Policy PDF Approved
 N/A  Perimeter Firewall Policy PDF Approved
 N/A  Student E-Mail Policy PDF Approved
 N/A  Use of Information Technology Policy PDF Approved
 N/A  Web Policy HTML Approved

Applicable to UCIT

 Policy  Number  Policy Name Link Status
 Policy  9.1.14  Privileged Access Policy
 UC InfoSec F41 Privileged Access  Agreement
PDF Approved
 Policy  9.1.27  Information Security Design &  Architecture Review Policy
 Security Review Form
PDF  Approved
 Policy  9.1.31  Computer Locking Policy PDF Approved
 Policy  9.1.6  Clean Desk Policy PDF Approved

In Process & Proposed Policies

Policies in this section are currently in DRAFT form and have not been formally approved for all audiences. Content may not be complete and/or will likely be updated and hyperlinks may be broken.  Documents may be updated without notice.


 Policy  Number  Policy Name Link Status
 Policy  9.1.11  Information Security Emergency  Response Policy PDF Proposed

To view PDF files, you will need Adobe Acrobat Reader, a free download.

  • University of Cincinnati UCIT Office of Information Security
  • University Hall
  • 51 Goodman Drive
  • Cincinnati, OH 45221