Friday, January 2, 2015 - 9:18am

Information Technology policies exist to protect the university's technology and data assets, and many of them are key to your personal IT security as well.

Everyone has a responsibility to know and abide by the rules, so please take a moment to review four IT policies we've highlighted this year. 

1. Network Citizenship

To minimize threats to the UI telecommunications network, any device that is connected to it must meet baseline security standards: up-to-date operating systems and software, anti-virus software, and strong passwords. Users must also work with their IT support provider, cooperate with the IT security office, submit to system vulnerability scans as necessary, and immediately report possible compromises.

2. Web Accessibility

All university website content must conform to Web Content Accessibility Guidelines 2.0, Level AA. Information Technology Services provides training and support through the IT Accessibility group. For more information, contact Todd Weissenberger (

3. Security Framework

Institutional data--things like health or personnel records, financial reports, grades, or research files--is classified by level of sensitivity (low, moderate, high) and must comply accordingly with specific laws and procedures. This policy outlines the principles that guide institutional operations in protecting and sharing confidential information. It addresses data disposal, data on mobile devices, preventive measures, backup and recovery, access control measures, and audits documenting access to the data.

4. Institutional Data

Access to institutional data is limited to those who need it for business purposes. Confidentiality is required for sensitive data, and security measures must be in place to protect data from unauthorized modification, destruction, or disclosure. Please familiarize yourself with the data types and requirements for each. An Institutional Data Users Group (IDUG) was formed to offer guidance. For details, visit


For a full list of IT security policies and training materials are available at questions, please contact the Information Security & Policy Office at