Access to Faculty or Staff Email, Files, or Systems Policy

The policy and associated guidance provide a well-defined and organized approach for access to faculty or staff electronic information or systems at WashU.

Application Security Policy

The policy and associated guidance provide an organized approach for all instances and stages of development initiated for WashU departments or schools. Based on the project requirements, applications are developed in-house, developed with a third party, or acquired as commercial off-the-shelf (COTS) products. This policy will cover all instances to ensure the appropriate security controls are implemented for applications developed for WashU.

Computer Use Policy

This policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU.

Data Center Policy

The policy and associated guidance provide an outline of the physical and logical security controls needed to reduce the risk of unauthorized access or use of systems in a WashU data center.

Electronic Messaging Security Policy

The policy and associated guidance provide direction for electronic messages (i.e. email, chat, and other electronic messages) containing WashU confidential and/or protected information.

Encryption Policy

The policy and associated guidance provide the practices WashU will utilize to protect the integrity and confidentiality of information stored, transmitted, transferred to portable media, and sent through messaging systems to entities external to the university.

Exception Policy

The policy and associated guidance provide a well-defined approach to review exception requests for published WashU Information Security policies, standards, and guidelines.

Incident Reporting Policy

The policy and associated guidance provide a well-defined, organized approach for reporting any potential threat to confidentiality, availability, and/or integrity of the computer equipment or information at WashU.

Incident Response Policy

The policy and associated guidance provide a well-defined and organized approach for handling any potential threat to computers and data.

Information Classification Policy

The policy and associated guidance provide the identification and classification of information created, stored, and/or transmitted.

Information Security Controls Policy

The policy and associated guidance provide a well-defined and organized approach for compliance with identified security controls.

Information Security Policy

The policy and associated guidance provide management direction and support for the information security program in accordance with university requirements, relevant laws, and regulations.

Information Security Risk Management Policy

The policy and associated guidance provide a common methodology and organized approach to Information Security risk management, whether based on a regulatory compliance requirement or a threat to the university.

Information Security Training and Awareness Policy

The policy and associated guidance provide an organized security awareness and training program that will inform WashU of relevant and recent security topics.

Infrastructure Security Policy

The policy and associated guidance provide the WashU computing community directives to help ensure integrity, confidentiality, and availability of information and provide a safe computing environment. All network assets, systems, computing devices, services, and operating personnel will be in scope for this policy. This includes network infrastructure components, network management and service systems, WashU faculty, staff, and students.

Litigation Hold Policy

The policy and associated guidance provide a well-defined approach to notify, identify, collect, and retain electronic information relevant to requests from the Office of the Executive Vice Chancellor and General Counsel (OGC) for preservation or collection of electronic information.

Managing Access Policy

The policy and associated guidance provide a well-defined and organized approach to facilitate access being granted, managed, and reviewed based on the roles of each computer user while remaining compliant with regulatory mandates.

Media Reuse and Disposal Policy

The policy and associated guidance provide requirements for reuse or disposal of WashU systems containing protected or confidential information.

Mobile Device Security Policy

The policy and associated guidance provide methods of protection for all mobile computing and storage devices that contain or access protected or confidential information resources at WashU.

Password Policy

The policy and associated guidance provide direction for authentication to WashU systems and network.

Personal Device Security Policy

The policy and associated guidance provide requirements for using personal devices to access, create, host, and transmit confidential and/or protected information.

Roles and Responsibilities Policy

This policy and associated guidance establish the roles and responsibilities within WashU, which is critical for effective communication of information security policies and standards. Roles are required within the organization to provide clearly defined responsibilities and an understanding of how the protection of information is to be accomplished. Their purpose is to clarify and coordinate the activities and actions necessary to disseminate security policy, standards, and implementation.

Vulnerability Management Policy

This policy and associated guidance cover a well-defined and organized approach for vulnerability management to reduce infrastructure risks and integrate with patch management. To ensure confidentiality, integrity, and availability of WashU systems, the Office of Information Security (OIS) and Information Technology (IT) will develop a documented vulnerability management process for the efficient and effective assessment and mitigation of IT infrastructure risks.