IT Policies, Standards, and Guidelines

IT Policies, Standards, and Guidelines

IT Security Policies

Policies relating to information technology security are available in the IT Security Policy Manual. The latest edition of the manual can be accessed on the University Policies and Procedures website. Included are the following policies:

  • Acceptable Use
  • Access Control Policy
  • Data Roles And Responsibilities
  • Data Classification Levels
  • Confidential Data
  • Risk Management
  • Security Awareness Training
  • Incident Response
  • Business Continuity & Disaster Recovery
  • Secure Web Application Development

IT Security Policy Manual

The University’s information technology policies and guidelines apply to users of its resources whether or not they are members of the University. It also applies to all uses of those resources, whether on campus or from remote locations.

The University develops and revises standards and procedures when necessary to promote compliance with its policies.

The University’s information technology policies and guidelines will be reviewed annually by the IT Steering Council and updated accordingly.

  • Individual units within the University may issue additional policies and guidelines for resources under their control. Such additional policies and guidelines must be consistent with the University’s information technology policies and guidelines. These additional policies and guidelines must be reviewed and formally approved by the Assistant to the Vice Chancellor for Policy and Process before implementation.

Violations of University Information Technology Services policies are treated in the same way as a violation of any other University policy as governed by the University Laws and Bylaws, General Rules of Conduct For All University Employees, and University of Connecticut Student Conduct Code.

University IT Policies:

Policies & Procedures Website – All IT Policies

Official State of Connecticut Policies:

  • Acceptable Use Policy
  • Limits on the Use of State Telephones (Memorandum 85-39)
  • Universal Website Accessibility Policy

University IT Standards, Guidelines, and Recommendations:

  • Electronic Data Transport Standard
  • Fair Use of Copyrighted Works Guidelines
  • Guidelines for Departmental/Unit Web Pages
  • Guidelines for Managing E-Mail
  • Individual Workstation Security Guidelines
  • IT Security Standards
  • LAN Security Guidelines
  • Laptop/Portable Computer Security Guidelines
  • Operational Procedures for Official E-Mail Lists
  • Outlook Email Security Guidelines
  • Password Guidelines
  • Physical Security Standards
  • Procedures for Handling Confidential and Registered Confidential Data
  • Sensitive University Data Quick Reference Chart
  • Sensitive University Information Checklist
  • Technical Standard for Data Backups
  • Telecommunications Design Guide & Standards
  • Current Design Guide & Standards
  • DGS April 2011
  • UConn Outside Plant Detail
  • Archived Revisions
  • DGS Jan 2004
  • Website Development and Design Standards
  • UConn Wireless Security Standards Worksheet
  • UITS Standard – Copying University Data

Other Documents

  • Procedure for Handling Digital Millennium Copyright Act (DMCA) Complaints
    • Template of first notification of complaint letter
    • Template of second notification of complaint letter for faculty and staff
    • Template of second notification of complaint letter for students
    • Notice to Students Concerning RIAA Efforts – August 2007
  • Procedures for locating and removing sensitive data stored on computer hard drives.
  • Procedures for Removing (Wiping) Data from a Computer Prior to Re-Deployment Surplus or Disposal
  • Privacy Notice Statement
  • Risk Assessment and Business Continuity Plan Documents
    • Security Risk Self-Assessment Process Instructions
    • Inventory and Description template
    • IT Security Risk Assessment template
    • Business Continuity Plan template
    • Common Information Systems Assets reference document
    • Common Threats reference document
    • Common Vulnerabilities reference document
  • UITS Rules of Conduct with Respect to Confidential Information.
  • UITS Procedures for Secure Shredding of Confidential Data – Sensitive Paper Documents.