Policies

There are several different types of IT security documents governing and guiding how we secure our information across all of CU.  IT security documents can be:

  • System-level policies or CU Administrative Policy Statements (APS)
  • Campus-wide policies (APS)
  • IT Department guidelines, plans or procedures (sometimes loosely referred to as “IT policies”)
  • Organizational unit (department, office, program, etc) operating procedures and standards (also sometimes referred to as “departmental policies”)

CU System-Level IT Security Policies & Related Procedures

There are five systems-level IT security policies that define the CU IT Security Program and which are the basis for the on-line Information Privacy and Security awareness courses required to be taken by all CU employees.  These policies were developed at the CU-System level and have gone through the formal APS approval process.  They apply across all CU campuses and Systems.

These policies can be found on the CU Office of Information Security website at:  https://www.cu.edu/policies/aps-az.html.

UCCS Campus-Level IT Security Policies

UCCS has several campus-wide IT security policies.  These have gone through the formal UCCS approval process, are designated with a specific policy number (700 series), and apply across the whole Colorado Springs campus.  These policies can be found under the Information Technology heading (700 series)at:  http://www.uccs.edu/vcaf/uccspol.html.

They are:

  1. E-Mail as Official Means of Communication
  2. Responsible Computing
  3. Information Technology Security
  4. Wireless Networks
  5. Computer Security Incident Response

UCCS IT Department Security Documents

IT Department “policies” are not formally approved APS’s, but are IT’s rules for IT resource usage.  These are statements about the way IT operates its labs, controls access to IT resources and what activities are and are not allowed on UCCS IT resources.  Many of these “policies” are helpdesk help sheets.

Some important IT department security documents are:

  1. Using VPN – Securely connecting to the campus network from off-campus.
  2. Email Security and Virus Information – Tips on staying safe when using email.
  3. Electronic Mail Usage – Requirements on how and how not to use UCCS email.
  4. Library Computer User Policy – Responsibilities and expectations while using Kraemer Family Library computers.
  5. Software Policy – Requirements for requesting specialized software in the classrooms or a lab.
  6. UCCS Copyright Infringement Statement and CU Boulder Illegal File Sharing Information site – Warnings against and consequences for illegal downloading and/or sharing of copyrighted material.
  7. UCCS IT Minimum Security Standard - Guidelines and standards for implementing technology

Organizational Unit (departments, offices, programs, etc.) Security Documents

Some UCCS organizational units are required by the Payment Card Industry (PCI) to have some written procedure or statement about the rules and decisions that govern how they secure their information, such as the Bursar’s office and the Bookstore.  Even if not required, it is a good idea for organizational units to have these types of documents.  Although in some places they may be referred to as internal “policies,” they are not official policies and thus should be called by a different name.  Operating procedures, guidelines, measures, standards – these are all appropriate names.  A good example of an organizational unit’s internal security document can be found at:  COB Data Security Measures.htm