The University of Chicago | IT Policies and Standards
Acceptable Use Policy – Describes the policy governing the use of information technology at the University and answers frequently asked questions about the AUP.
Computer Account and Email Requirements for University Employees Policy – Describes the policy for employee access to online University administrative systems.
Digital Accessibility Policy – Describes improvements to the user experience for those with disabilities and clarifies the goals for site owners who have already taken steps to make their content and websites accessible.
End-User Device Policy – Describes specific steps for securing computers and other electronic devices from misuse or theft.
File Sharing Policy – Describes the file sharing policy for sharing copyrighted materials on the University network.
Information Technology Resources and Account Privacy Policy – The purpose of this policy is to articulate the University’s responsibilities and obligations when preserving, accessing, or disclosing information from University information technology resources. If you have questions, please review the frequently asked questions at the end of the page.
Information Security Policy – The Information Security Policy (the “Policy”) sets forth a set of requirements for ensuring security and protecting the confidentiality, integrity, and availability of University information technology resources and data.
New Information Technologies and Intellectual Property at the University – Describes the basic principles surrounding new information technologies and intellectual property at the University.
Research Data Protection Policy – Describes roles and responsibilities to promote good research practices and mitigate the risks associated with improper treatment of research data.
Social Security Number Digital Usage Policy – Describes usage and remediation guidelines for the use of Social Security Numbers (SSN) in digital form.
Web Properties Management Policy – Describes good web property management practices and addresses the risks associated with the management of web properties, including security, accessibility, naming requirements, and registration.
Written Information Security Program (WISP) – Outlines the University’s policies, procedures, and controls for protecting sensitive information. It is required to comply with the Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and state data security laws. The WISP Addendum addresses specific University of Chicago Medical Center (UCMC) requirements for the WISP.
Standards
Authenticating University of Chicago Users Standard – Describes the protection of the University’s network and the security and privacy of any data that is either critical to the business of the University or legally required to be protected by the University.
Commercial and Political Use of IT Resources Standard – Describes that University IT Resources shall not be used commercially for private gain or for certain political campaign activities or University networks or network services (such as email or web servers on University networks) to conduct private commercial business.
Data Classification Standard – Describes the classification of confidential information and assigns corresponding roles and responsibilities.
IT Services Authentication Services Standard – Describes the protection of the University’s network and the security and privacy of any data that is either critical to the business of the University or legally required to be protected by the University and whose access is controlled through IT Services supported authentication services.
Placement of Computing Devices in Network Security Zones Standard – Describes the criteria used to determine how devices are placed into network security zones.
Port Monitoring Standard – Describes the request methods and limitations on port monitoring.
Redirection of University Domain Names to External Networks Standard – Describes the approval process for pointing a domain name to an external network.
Requirements for Managed (Hardware) Firewalls Standard – Describes rules for installing firewalls and devices that provide network address translation installed on the University’s network.
Research Data Center Standard – Describes the management of research data center resources to ensure optimal and equitable allocation of resources and hardware update requirements to increase power usage efficiency.
Sanitization of Digital Storage Media Standard – Describes the mandatory processes for sanitizing various storage devices.
UChicago ID Usage Standard – Describes usage guidelines for the ChicagoID.
Use of External Service Providers – Describes the standards for using third-party technology providers for data storage and transmission.
Use of Non-uchicago.edu Domain Names Standard – Describes the circumstances under which any domain name other than uchicago.edu can be used on the University network.