Updated Information Technology Security Policy, includes critical incident response information

OTDI’s Digital Security and Trust team has released an updated Information Technology (IT) Security Policy. The new policy outlines the IT security requirements for all information assets and systems managed by the university and guidelines for the anyone who use these systems. It also integrates guidance from the former Information Security Incident Response Management policy to provide users with steps for reporting, investigating, and notifying relevant parties in the event of a security incident

In addition to replacing the previous version of Information Technology Security Policy, it also combines the guidance provided in the Information Security Incident Response Management policy, which was previously a separate policy.

The policy also has been updated to stay current with the latest advancements in technology. Changes include:

• Updates language regarding the university’s information security program.
• Adds language about the university’s privacy program and disaster recovery program.
• Incorporates information from the Information Security Incident Response Management policy outlining the university’s processes for responding to information security incidents.
• Revises language throughout to improve clarity and accuracy and reorganizes information to improve readability and flow.
• Updates the Definitions table, a reference tool that provides clear explanations for specific terms related to information security and technology.
• Updates Resources and Contacts information.

Integrating security guidelines with incident response procedures, has resulted in an updated policy that represents the university’s comprehensive approach to protecting university systems and data. You can access the updated Information Technology (IT) Security Policy on the Office of University Compliance and Integrity’s University Policies website.