Policies

The policy and associated guidance provide a well-defined and organized approach for access to faculty or staff electronic information or systems at WashU.

The policy and associated guidance provide an organized approach for all instances and stages of development initiated for WashU departments or schools.  Based on the project requirements applications are developed in-house, with a third party, or commercial off the shelf (COTS). This policy will cover all instances to ensure the appropriate security controls are implemented for applications developed for WashU.

This policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU.

The policy and associated guidance provides an outline of the physical and logical security controls needed to reduce the risk of unauthorized access or use of systems in a WashU data center.

The policy and associated guidance provide direction for electronic messages (i.e. email, chat, and other electronic messages) containing WashU confidential and/or protected information.

The policy and associated guidance provide the practices WashU will utilize to protect the integrity and confidentiality of information stored, transmitted, transferred to portable media, and sent through messaging systems to entities external to the university.

The policy and associated guidance provide a well-defined approach to review exception requests for published WashU Information Security policies, standards, and guidelines.

The policy and associated guidance provide a well-defined, organized approach for reporting any potential threat to confidentiality, availability, and/or integrity of the computer equipment or information at WashU.

The policy and associated guidance provide a well-defined and organized approach for handing any potential threat to computers and data.

The policy and associated guidance provide the identification and classification of information created, stored, and/or transmitted.

The policy and associated guidance provide a well-defined and organized approach for compliance with identified security controls.

The policy and associated guidance provide management direction and support for the information security program in accordance with university requirements, relevant laws, and regulations.

The policy and associated guidance provide a common methodology and organized approach to Information Security risk management whether based on regulatory compliance requirement or a threat to the university.

The policy and associated guidance provide an organized security awareness and training program that will inform WashU of relevant and recent security topics.

The policy and associated guidance provide the WashU computing community directives to help ensure integrity, confidentiality, and availability of information and provide a safe computing environment. All network assets, systems, computing devices, services, and operating personnel will be in scope for this policy. This includes network infrastructure components, network management and service systems, WashU faculty, staff, and students.

The policy and associated guidance provide a well-defined approach to notify, identify, collect, and retain electronic information relevant to requests from the Office of the Executive Vice Chancellor and General Counsel (OGC) for preservation or collection of electronic information.

The policy and associated guidance provide a well-defined and organized approach to facilitate access being granted, managed, and reviewed based on the roles of each computer user while remaining compliant with regulatory mandates.

The policy and associated guidance provide requirements for reuse or disposal of WashU systems containing protected or confidential information.

The policy and associated guidance provide methods of protection for all mobile computing and storage devices that contain or access protected or confidential information resources at WashU.

The policy and associated guidance provide direction for authentication to WashU systems and network.

The policy and associated guidance provide requirements for using personal devices to access, create, host, and transmit confidential and/or protected information.

This policy and associated guidance establish the roles and responsibilities within WashU, which is critical for effective communication of information security policies and standards. Roles are required within the organization to provide clearly defined responsibilities and an understanding of how the protection of information is to be accomplished. Their purpose is to clarify, coordinate activity, and actions necessary to disseminate security policy, standards, and implementation.

This policy and associated guidance cover a well-defined and organized approach for vulnerability management to reduce infrastructure risks and integrate with patch management. To ensure confidentiality, integrity, and availability of WashU systems Office of Information Security (OIS) and Information Technology (IT) will develop a documented vulnerability management process for the efficient and effective assessment and mitigation of IT infrastructure risks.