Policies and Standards

Information Security Policies and Standards

Consistent university Information Security policies and supporting standards provide a common approach to compliance, regulatory and operational requirements and support the university in its research and academic missions. UofL's completely revised Information Security Policies and Standards were approved by the Compliance Oversight Council on July 23, 2007.

Policies and Standards Contents

1. Statement of the Executive Vice President and University Provost, Shirley C Willihnganz
2. A common foundation
3. Policy and Standard review and adoption process
4. Policies and Standards
   • Overview
   • Who Should Know What
   • Definitions
   • ISO PS001 Information Security Responsibility
   • ISO PS002 Business Continuity and Disaster Recovery
   • ISO PS003 Intellectual Property
   • ISO PS004 Policy Exception Management Process
   • ISO PS005 Sanction Policy
   • ISO PS006 Security Incidents
   • ISO PS007 User Accounts and Acceptable Use
   • ISO PS008 Passwords
   • ISO PS009 Data Facility Security
   • ISO PS010 Network Service
   • ISO PS011 Web Page Guidelines Rev
   • ISO PS012 Workstation and Computing Devices
   • ISO PS013 Server Computing Devices
   • ISO PS014 Protection from Malicious Software
   • ISO PS015 Backup of Data
   • ISO PS016 Inventory and Tracking of Computing Devices
   • ISO PS017 Enterprise Firewalls
5. Related Information Security Office Services
   • Consulting, education, training and awareness programs
6. Download versions of the above documents for off-line use

Note: Archival copies of the Information Security Polices and Standards are located on the ISO Docushare site.