Information Technology Services
Home / IT Policies
IT Policies and Guidelines
CONTENTS:
- University of California policies and guidelines
- UC Santa Cruz policies and guidelines
- Change Log and Glossary
- Campus Policies & Procedures
- Protecting Restricted Data
- Additional Practices, Procedures and Guidelines
- ITS Divisional Policies
- Other General UC and UCSC Policies
- Local, State, or Federal laws
- UCSC Drafts
Policies form the foundation of any security program. Policies define how ITS will approach security, how employees (staff/faculty) and students are to approach security, and how certain situations will be handled.
While this web page lists many university IT policies, it is not an exhaustive list. Regulations, policies and procedures are constantly evolving. Laws, policies, and regulations not specific to information technology may also apply, e.g.: student conduct, personnel policy or contract, sexual harassment, chain letter laws, etc.
University of California policies and guidelines specific to computer/network resources:
- University of California IT Policies
- University of California Electronic Communications Policy (ECP)
- Digital Copyright Protection at the University of California
- Management Guide for Information Security
- UC Business and Finance Bulletins -- IS Series - Information Systems
- President Yudof's Statement on Social Security Numbers - Feb. 10, 2010 (PDF)
UC Santa Cruz policies and procedures specific to computer/network resources:
Log of Policy Updates
Glossary of selected terms in UCSC IT-related policies, procedures and guidelines
CAMPUS POLICIES AND PROCEDURES
- Campus Policies:
- IT-0001: HIPAA Security Rule Compliance Policy
- IT-0002: Password Policy - updated Jan 2015
- IT-0003: Policy for Acceptable Use of UCSC Electronic Information Resources ("Acceptable Use Policy" or "AUP") - updated May 2015
- IT-0004: Minimum Network Connectivity Requirements Policy - updated May 2015
- IT-0005: Log Policy
- IT-0006: Digital Certificate Policy
- UCSC Implementation of the UC Electronic Communications Policy (ECPI)
- Procedures supporting the above campus policies:
- Understanding UCSC's Minimum Network Connectivity Requirements
- UCSC Password Strength and Security Standards
- "Access Without Consent" Process and Form (PDF)
- Notice about Access to Records upon Employee Separation
- ITS Routine System Monitoring Practices
- Scanning for Personal Identity Information (PII) on Campus Systems - updated May 2015
- Implementing UCSC's HIPAA Security Rule Compliance Policy
- Log Procedures
- Other campus policy statements:
- PII Inventory and Security Breach Procedures - updated Jan 2015
- UC Santa Cruz ResNet Responsible Use Policy
- Instructional Computing Lab Policy Summary
- Electronic Official Communications Statement
PROTECTING RESTRICTED DATA
Protection of Social Security Numbers: Letter to campus from CP/EVC Kliger and VC IT Doyle - April 2010
- Practices for Protecting Electronic Restricted Data
- Encryption Information
- Protection Matrix
- IS-3 Assessment Template (Excel)
- Security Issue Matrix: Blank (Word) / Seeded (Word) / Instructions
- University Administrative Information Systems, Access to Information Statement (PDF)
(all individuals with access to restricted data should read and sign)
ADDITIONAL PRACTICES, PROCEDURES AND GUIDELINES
- Data Security Contract Language
- Digital Millennium Copyright Act (DMCA) at UC Santa Cruz
- Use of Non-UC Technology Services
- UCSC Plan for Combating Unauthorized Distribution of Copyrighted Materials
- Procedures for Blocking Network Access
- Payment Card Industry Data Security Standard (PCI DSS) Compliance at UCSC
- Remote Access Requirements
- Secure Browser Settings
- Security Standards and Resources
INFORMATION TECHNOLOGY SERVICES (ITS) DIVISIONAL POLICIES
- ITS Commercial Endorsement Policy
- ITS Policy Regarding Personal Identity Information (PII)
- Instructions for information requests from FBI/Federal Law Enforcement
- ITS Sanction Information
- Procedures for responding to compromised computers
Other General UC and UCSC Policies and Resources:
- UC Systemwide Policies
- UC Santa Cruz Policies and Procedures
- Student Policies and Regulations Handbook
- Title IX/Sexual Harassment Office
- University Police
Local, State, or Federal laws
- United States Code from the Office of the Law Revision Counsel under the U.S. House of Representatives
- California legislative information, maintained by the Legislative Counsel of California
- United States Copyright Office
Draft UC Santa Cruz Information Technology policies, guidelines, and practices. Please forward feedback to itpolicy@ucsc.edu
- WiFi Policy - updated 1/18/13
- WiFi Standards - updated 1/18/13
- Roles and Responsibilities for UCSC Electronic Information Resources (PDF) - ON HOLD: updated 1/31/08
- IT Policies
- IT Policy-Related Terms
- Security Web Site
- Accreditation
- Non-Discrimination Policy
- Employment
- Privacy Policy & Terms of Use
- Sexual Violence Prevention & Response
Last modified: March 28, 2016 128.114.113.74