The Policy, Compliance, and Assessment Program provides the guidance for the creation and maintenance of Institute-wide information security policies, issue-specific policies, standards, and procedures. These documents are used for IT governance, risk management, and legal & regulatory compliance (e.g. FERPA, GLBA, HIPAA, PCI DSS, DFARS 7012/NIST 800-171).
Standards and safeguards are used to achieve policy objectives through the definition of mandatory controls and requirements.
Procedures are used to ensure consistent application of security policies and standards.
Guidelines provide guidance on security policies and standards.
Tools and forms related to these are also maintained here.
- Business Continuity Requests
- Change Request Form
- Data Privacy Procedures
- Data Protection Safeguards
- Data Protection Safeguards - Controlled Unclassified Information (CUI)
- Data Protection Safeguards - Cloud Computing
- Data Protection Safeguards - Endpoints
- Data Protection Safeguards - Mobile Devices
- Data Protection Safeguards - Servers
- Encryption Standard
- Incidental Use Guidelines
- Network Firewall Standards
- Patch Management Procedure
- Third Party Security Questionnaire
- Third Party Security Procedures
- Visitor Log