IT Policies and Guidelines

Policies define how ITS will approach security, how employees (staff/faculty) and students are to approach security, and how certain situations will be handled.

This web page lists many university IT policies, it is not an exhaustive list. Laws, policies, and regulations not specific to information technology may also apply.

University of California IT Policies

• BUS-80: Insurance Programs for Institutional Information Technology Resources  (PDF)
• Digital Copyright Protection at the University of California
• Gender Recognition & Lived Name Policy
• UC Business and Finance Bulletins - Current Information Security (IS) Bulletins
• University of California Systemwide IT Policies
  • Electronic Communications Policy (ECP)
  • IS-3 Electronic Information Security Policy
  • IS-12 IT Recovery Policy
  • UC Systemwide HIPAA Policies

UC Santa Cruz IT Policies and Procedures

Campus Policies

• IT-0001: HIPAA Security Rule Compliance Policy 
• IT-0003: Policy for Acceptable Use of UCSC Electronic Information Resources ("Acceptable Use Policy" or "AUP") 
• UCSC Implementation of the UC Electronic Communications Policy (ECPI)
  • Electronic Communications Annual Report

Procedures Supporting the Above Campus Policies

• Access Without Consent Process and Form
• ITS Log Procedures 
• ITS Routine System Monitoring Practices 
• UC Santa Cruz HIPAA Security Rule Implementation 
• UC Santa Cruz Minimum Security Requirements
• UC Santa Cruz Password Strength and Security Standards

Other Campus Policy Statements

• Electronic Official Communications Statement
• Instructional Computing Lab Policy Summary
• ITS Privacy Statement for User Experience Research
• PII Inventory and Security Breach Procedures 
• UC Santa Cruz ResNet Responsible Use Policy 

Protecting Information and IT Resources

• Access to Information Statement
• Classification of Information and IT Resources
  
  • Data Protection Levels
  • Data Availability Levels
• Introduction to IS-3: UC's Electronic Information Security Policy
• Introduction to IS-12: UC's IT Recovery Policy
• Practices for Protecting Electronic P3-P4 Data

Additional Practices, Procedures, and Guidelines

• Data Security Contract Language
• Digital Millennium Copyright Act (DMCA) at UC Santa Cruz
• Payment Card Industry Data Security Standard (PCI DSS) Compliance at UCSC
• Procedures for Blocking Network Access 
• Secure Browser Settings
• UCSC Plan for Combating Unauthorized Distribution of Copyrighted Materials
• Use of Third Party and Cloud Services

ITS Divisional Policies

• Procedures for responding to compromised computers

Other Resources

• Student Policies and Regulations Handbook
• UC Systemwide Policies
• UC Santa Cruz Policies and Procedures
• Campus Resources:
  • Office of Campus Counsel
  • Privacy & Information Practices Office
  • Title IX/Sexual Harassment Office
  • Records & Information Management
  • University Police

Local, State, Federal Laws

• California Legislative Information
• United States Code
• United States Copyright Office

UC Santa Cruz IT Rescinded Policies and Procedures

• IT-0002: Password Policy
• IT-0004: Minimum Network Connectivity Requirements Policy 
• IT-0005: Log Policy 
• IT-0006: Digital Certificate Policy