Policies


100 Information Security Program

List of requirements by impacted audience for Policy 100: Information Security Program.

101 Information Security Status Monitoring, Reporting, and Review

List of requirements by impacted audience for Policy 101: Information Security Status Monitoring, Reporting, and Review.

107 Information Technology Business Continuity and Disaster Recovery Planning

List of requirements by impacted audience for Policy 107: Information Security Business Continuity and Disaster Recovery

109 Information Security Incident Reporting, Response, and Recovery

List of requirements by impacted audience for Policy 109: Information Security Incident Reporting, Response, and Recovery

110 Information Technology Change Control and Management

List of requirements by impacted audience for Policy 110: Information Technology Change Control and Management

Access to Faculty or Staff Email, Files, or Systems Policy

The policy and associated guidance provide a well-defined and organized approach for access to faculty or staff electronic information or systems at WashU.

Application Security Policy

The policy and associated guidance provide an organized approach for all instances and stages of development initiated for WashU departments or schools. Depending on the project requirements, applications are developed in-house, developed with a third party, or obtained as commercial off-the-shelf (COTS) products. This policy covers all of these instances to ensure that the appropriate security controls are implemented for applications developed for WashU.

Computer Use Policy

This policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU.

Data Center Policy

The policy and associated guidance provide an outline of the physical and logical security controls needed to reduce the risk of unauthorized access or use of systems in a WashU data center.

Electronic Messaging Security Policy

The policy and associated guidance provide direction for electronic messages (i.e. email, chat, and other electronic messages) containing WashU confidential and/or protected information.

Encryption Policy

The policy and associated guidance provide the practices WashU will utilize to protect the integrity and confidentiality of information stored, transmitted, transferred to portable media, and sent through messaging systems to entities external to the university.

Exception Policy

The policy and associated guidance provide a well-defined approach to review exception requests for published WashU Information Security policies, standards, and guidelines.

Information Security Risk Management Policy

The policy and associated guidance provide a common methodology and organized approach to Information Security risk management, whether based on a regulatory compliance requirement or a threat to the university.

Infrastructure Security Policy

The policy and associated guidance provide the WashU computing community directives to help ensure integrity, confidentiality, and availability of information and provide a safe computing environment. All network assets, systems, computing devices, services, and operating personnel will be in scope for this policy. This includes network infrastructure components, network management and service systems, WashU faculty, staff, and students.

Litigation Hold Policy

The policy and associated guidance provide a well-defined approach to notify, identify, collect, and retain electronic information relevant to requests from the Office of the Executive Vice Chancellor and General Counsel (OGC) for preservation or collection of electronic information.

Managing Access Policy

The policy and associated guidance provide a well-defined and organized approach to facilitate access being granted, managed, and reviewed based on the roles of each computer user while remaining compliant with regulatory mandates.

Media Reuse and Disposal Policy

The policy and associated guidance provide requirements for reuse or disposal of WashU systems containing protected or confidential information.

Mobile Device Security Policy

The policy and associated guidance provide methods of protection for all mobile computing and storage devices that contain or access protected or confidential information resources at WashU.

Password Policy

The policy and associated guidance provide direction for authentication to WashU systems and network.

Personal Device Security Policy

The policy and associated guidance provide requirements for using personal devices to access, create, host, and transmit confidential and/or protected information.

Vulnerability Management Policy

This policy and associated guidance cover a well-defined and organized approach for vulnerability management to reduce infrastructure risks and integrate with patch management. To ensure confidentiality, integrity, and availability of WashU systems, the Office of Information Security (OIS) and Information Technology (IT) will develop a documented vulnerability management process for the efficient and effective assessment and mitigation of IT infrastructure risks.