Six IT Policies You Need to Know About

Person's hands typing on a laptop computer keyboard
Whether you use a university-provided computer all day or just check your email from time to time, knowing these dos and don’ts will help keep you secure and in good standing.
Friday, April 22, 2022 - 2:21pm

Almost every University of Iowa employee uses university-managed IT resources.

For some, this means occasionally checking their UI-provided email or logging onto Employee Self Service. For others, it means working on a university-owned computer virtually all day.

Whether you’re a light user or a power user, you’re responsible for knowing what you should and shouldn’t do with university-managed hardware, software, and systems.

We summarized the six IT policies every staff and faculty member should know about.

1. Acceptable Use of Information Technology Resources

The foundation for all campus IT policies, the acceptable use policy addresses everyone who uses university-managed technology tools.

Main things to know: Anyone who uses university IT resources must accept a core set of responsibilities.

  • Use university resources primarily for work, minimizing personal use. Personal use becomes problematic when it interferes with your work, stresses systems, or increases operating costs.
  • Avoid prohibited personal uses, including non-work commercial or political activity.
  • Avoid any use that interferes with proper functions of IT resources.
  • Respect the rights of others, including their right to keep their files private.
  • Only access restricted or critical data when you have permission and a need to know.
  • Respect intellectual property. Don’t use others’ work without permission, acknowledgement, etc.
  • Follow all software license requirements. For example, don’t load software you haven’t purchased or licensed.
  • Use the university’s name only as authorized. Don’t create the impression you speak for the university.
  • Follow all other university policies and external laws (see the full policy for details).

Also, remember that while the university doesn’t routinely monitor individual activity, your use of IT resources isn’t completely private.

2. Security Policy

The security policy details practices for keeping data secure and confidential. It defines data-security roles and responsibilities for accessing, sharing, and managing information.

Main things to know:

  • Only authorized users with a need to know should access any data that isn’t public.
  • New technology must be reviewed by ITS prior to use.

3. Institutional Data Policy

The institutional data policy categorizes information managed by the university, identifying different levels of sensitivity. It also addresses data access, backup, and disposal.

Main things to know:

  • Different types of data require different degrees of protection. 
  • Everyone needs to understand the rules that apply to the data they work with.

4. IT Privacy Policy

The privacy policy further addresses how information about individuals is collected, stored, processed, and used. (Read more about IT privacy, policy, and practices.)

Main thing to know:

  • Data from or about specific people merit special care.

5. Device Security Standard

While policies take a high-level view and change infrequently, standards address specifics and get regular updates.

The device security standard offers guidelines for managing computers and other devices connected to campus networks. It includes recommendations for automated system management and other methods for ensuring software stays secure and up to date.

Main things to know:

  • All connected devices—including personal devices—must have anti-virus software configured, run software updates at least monthly, and meet other security standards.
  • Exceptions to the standard must be filed appropriately.

6. Vulnerability Management Standard

The vulnerability management standard establishes practices for identifying and remediating security issues.

University IT pros run regular security scans and other tests, notifying support teams about potential problems. If issues aren’t remediated promptly, affected devices may be isolated from campus networks.

Main thing to know:

  • Security vulnerabilities must be addressed within specified timeframes.

Embracing Your Responsibilities

Many faculty and staff rely on IT professionals for software updates, security checks, and data-access permissions. But it’s important to understand the policies and standards summarized above even if you don’t directly manage the tools you use.

If an IT pro points out a potential issue, take quick action to help address it. Don’t push back—your colleague simply wants to ensure your security and good standing.

For more information, follow the policy links in the summaries above or talk to your local IT support.

Apr
2022
22