IT Policies and Guidelines

Policies define how ITS will approach security, how employees (staff/faculty) and students are to approach security, and how certain situations will be handled.

This web page lists many university IT policies, it is not an exhaustive list. Laws, policies, and regulations not specific to information technology may also apply.

UNIVERSITY OF CALIFORNIA IT POLICIES

• University of California IS-3 Electronic Information Security Policy
• University of California IS-12 IT Recovery Policy
• University of California IT Policies
• University of California Electronic Communications Policy (ECP)
• Digital Copyright Protection at the University of California
• Management Guide for Information Security
• UC Business and Finance Bulletins -- IS Series - Information Systems
• President Yudof's Statement on Social Security Numbers - Feb. 10, 2010 (PDF)
• BUS-80: Insurance Programs for Institutional Information Technology Resources  (PDF)
• Gender Recognition & Lived Name Policy

UCSC IT POLICIES AND PROCEDURES

• Campus Policies:
  • IT-0001: HIPAA Security Rule Compliance Policy 
  • IT-0003: Policy for Acceptable Use of UCSC Electronic Information Resources ("Acceptable Use Policy" or "AUP") 
  • UCSC Implementation of the UC Electronic Communications Policy (ECPI)
    • Electronic Communications Annual Report

• Procedures supporting the above campus policies:
  • Understanding UCSC's Minimum Network Connectivity Requirements
  • UCSC Password Strength and Security Standards
  • Access Without Consent Process and Form
  • Notice about Access to Records upon Employee Separation 
  • ITS Routine System Monitoring Practices 
  • Scanning for Personally Identifiable Information (PII) on Campus Systems
    
  • Implementing UCSC's HIPAA Security Rule Compliance Policy 
  • Log Procedures 

• Other campus policy statements:
  • PII Inventory and Security Breach Procedures 
  • UC Santa Cruz ResNet Responsible Use Policy 
  • Instructional Computing Lab Policy Summary
  • Electronic Official Communications Statement

PROTECTING RESTRICTED DATA

Protection of Social Security Numbers

• Practices for Protecting Electronic Restricted Data
• Encryption Information
• Access to Information Statement

ADDITIONAL PRACTICES, PROCEDURES AND GUIDELINES

• Data Security Contract Language
• Digital Millennium Copyright Act (DMCA) at UC Santa Cruz
• Use of Third Party and Cloud Services
• UCSC Plan for Combating Unauthorized Distribution of Copyrighted Materials
• Procedures for Blocking Network Access 
• Payment Card Industry Data Security Standard (PCI DSS) Compliance at UCSC
• Remote Access Requirements
• Secure Browser Settings
• ITS Privacy Statement for User Experience Research

ITS DIVISIONAL POLICIES

• ITS Commercial Endorsement Policy
• ITS Policy Regarding Personally Identifiable Information (PII)
• Instructions for information requests from FBI/Federal Law Enforcement
• ITS Sanction Information
• Procedures for responding to compromised computers

OTHER RESOURCES

• UC Systemwide Policies
• UC Santa Cruz Policies and Procedures
• Student Policies and Regulations Handbook
• Title IX/Sexual Harassment Office
• University Police

LOCAL, STATE, FEDERAL LAWS

• United States Code
• California legislative information
• United States Copyright Office

UCSC IT RESCINDED POLICIES AND PROCEDURES

• IT-0002: Password Policy
• IT-0004: Minimum Network Connectivity Requirements Policy 
• IT-0005: Log Policy