Policies
Note: November 26, 2024
Several OIS policies have been retired and replaced by new policies. Redirects are in place to direct the reader to the appropriate new policy.
Retired policies include the following:
- Data Center Policy (incorporated into Policy 106: Information Security Infrastructure Risk Management)
- Media Reuse and Disposal Policy (incorporated into Standard 200: Information Security Classification, Labeling, and Handling)
- Mobile Device Security Policy (incorporated into Policy 103: Information Security Device Management)
- Personal Device Security Policy (incorporated into Policy 103: Information Security Device Management)
Please contact infosec@wustl.edu with questions or feedback.
100 Information Security Program
This policy is the foundation of the policy library and provides a rationale for the directives communicated in all other information security policies.
101 Information Security Status Monitoring, Reporting, and Review
This policy communicates logging requirements for academic, clinical, administrative, research, and technical information security activities at WashU.
102 Information Security Authentication, Authorization, and Audit
This policy outlines the process for granting, managing, and reviewing access to university systems and data based on user roles during normal and emergency operations at Washington University in St. Louis (WashU).
103 Information Security Device Management
This policy outlines security expectations for all devices (e.g., laptops, mobile phones, thumb drives, external hard drives) that access the information resources of Washington University in St. Louis (WashU) and includes specific details for devices handling WashU Protected Data and Information.
104 Information Security Vulnerability Management
This policy communicates the core principles and objectives for information security vulnerability management, including planning, detection, mitigation, and patching.
105 Information Security Risk Management
This policy describes how the Office of Information Security (OIS) helps manage technical and process risks to the Confidentiality, Integrity, and Availability (CIA) of information resources at Washington University in St. Louis (WashU).
106 Information Security Infrastructure Risk Management
This policy provides guidance and directives to the computing community at Washington University in St. Louis (WashU) to ensure the ongoing Confidentiality, Integrity, and Availability (CIA) of our information resources.
107 Information Technology Business Continuity and Disaster Recovery Planning
This policy communicates the expectations for developing, maintaining, and practicing risk-based plans for Information Technology Business Continuity (ITBC) and Information Technology Disaster Recovery (ITDR).
108 Information Security Requests to Access User Content
This policy describes how the Office of Information Security (OIS) handles requests for access to content created by active or former WashU Community members.
109 Information Security Incident Reporting, Response, and Recovery
This policy communicates a planned and systematic approach to incident handling from reporting to recovery and analysis.
110 Information Technology Change Control and Management
This policy outlines processes for maintaining the security and integrity of information assets throughout their lifecycles.
111 Information Security for Software Development, Management, and Administration
This policy establishes secure application development and procurement practices for departments and schools at Washington University in St. Louis (WashU).
112 Information Security Acceptable Use
This policy outlines expectations for the appropriate use of WashU-provided information resources, ensuring that all WashU Community members understand their responsibilities.
113 Information Security Encryption
This policy specifies acceptable encryption algorithms for use with Washington University in St. Louis (WashU) data, encryption requirements for WashU Confidential and Protected Data, and acceptable key management practices, following recommendations of the National Institute of Standards and Technology (NIST).
114 Information Security Exceptions
This policy clearly communicates how the OIS handles exception requests when compliance with published policies and standards is not possible.
115 Notice of Monitoring and Information Security Investigative Practices
This policy conveys the commitment of the OIS to the responsible collection, use, and safeguarding of personal information.