Security & Technology Policies and Guidelines

Home UCSC Information Security Security & Technology Policies and Guidelines

Policies form the foundation of any security infrastructure. Policies define how ITS will approach security, how employees (staff/faculty) need to approach security, how students are to approach security, and how certain situations will be handled.

While this document lists many of the university policies, but is not an exhaustive or complete list. New regulations, policies and procedures are constantly evolving. Laws, policies, or other regulations on aspects not specific to networks or computing may apply, e.g.: student conduct, personnel policy or contract, sexual harassment, chain letter laws, or other regulations.

• University of California policies and guidelines
• UC Santa Cruz policies and guidelines
• Other General UC or UCSC Policies
• Local, State, or Federal laws
• UCSC Drafts

University of California policies and guidelines specific to computer/network resources:

• University of California IT Policies
• University of California Electronic Communications Policy
• Digital Copyright Protection at the University of California
• Management Guide for Information Security
• UC Business and Finance Bulletins -- IS Series - Information Systems

UC Santa Cruz policies and guidelines specific to computer/network resources:

       UCSC Electronic Information Policy Framework Diagram (PDF)
       Log of Policy Updates
       Glossary of selected terms in UCSC IT-related policies, procedures and guidelines

IT-Related Policies

• Policy for Acceptable Use of UCSC Electronic Information Resources ("Acceptable Use Policy")
• UCSC Minimum Network Connectivity Requirements - Adopted Mar 09
• UCSC Password Policy
  • UCSC Password Strength and Security Standards
• UC Santa Cruz ResNet Responsible Use Policy
• Instructional Computing Lab Policy Summary
• HIPAA Security Rule Compliance Policy

Protecting Restricted Data

• Practices for Protecting Electronic Restricted Data
  • "Quick-Reference"
• UCSC Implementation Plan for Protection of Electronic Restricted Data (Security Breach Procedures)
• Protection Matrix
• IS-3 Assessment Template (Excel)
• Security Issue Matrix (Word)
• University Administrative Information Systems, Access to Information Statement
  (all individuals with access to restricted data should read and sign)

The Electronic Communications Policy (ECP) at UC Santa Cruz

• Draft UCSC Implementation of the UC Electronic Communications Policy
• "Access Without Consent" Process and Form (PDF) - Rev. Jul 09
• ITS Routine System Monitoring Practices
• SSN Scanning Methodology

Additional Practices, Procedures and Guidelines

• Electronic Official Communications Statement
• Guidelines and Procedures for Blocking Network Access
• Digital Millennium Copyright Act (DMCA) at UC Santa Cruz
• Remote Access Guidelines
• Payment Card Industry Data Security Standard (PCI DSS) Compliance at UCSC
• Data Security Contract Language
• Secure Browser Settings

Information Technology Services (ITS) Divisional Policies

• ITS Commercial Endorsement Policy
• ITS Policy Regarding Personal Identity Information (PII)
• Instructions for information requests from FBI/Federal Law Enforcement
• ITS Sanction Information

Other General UC or UCSC Policies and Resources:

• UC Systemwide Policies and Guidelines
• UC Santa Cruz Policies and Procedures
• Student Policies and Regulations Handbook
• Title IX/Sexual Harassment Office
• University Police

Local, State, or Federal laws

• United States Code from the Office of the Law Revision Counsel under the U.S. House of Representatives
• California legislative information, maintained by the Legislative Counsel of California
• United States Copyright Office

Draft UC Santa Cruz Information Technology policies, guidelines, and practices
        Please forward feedback to itpolicy@ucsc.edu

• Draft UCSC Implementation of the UC Electronic Communications Policy - Campus input period ended 6/5/09
• Use of Free/Low Cost IT Services - updated 6/9/09
• Draft Guidance for use of SSL certificates at UCSC - updated 12/11/09
• Expanded Practices for Protecting Electronic Restricted Data, Management section - updated 7/14/08
• Roles and Responsibilities for UCSC Electronic Information Resources (PDF) - ON HOLD: updated 1/31/08