Policies

The Office of Information Security is responsible for ensuring the confidentiality, integrity, and availability of data and resources across our campuses. Policies are regularly posted and updated to assist in minimizing the security risk to university data and systems. Please revisit these policies often to be sure your department or office is aligned with the practices and requirements that make Washington University systems safe and secure for all users.

Information Security Policies, Standards and Guidelines

Policies

Access to Faculty or Staff Email Files or Systems Policy

Application Security Policy

Computer Use Policy

Data Center Policy

Electronic Messaging Policy

Encryption Policy

Exception Policy

Information Classification Policy

Information Security Policy

Information Security Controls Policy

Information Security Risk Management Policy

Information Security Training and Awareness Policy

Infrastructure Security Policy

Incident Reporting Policy

Incident Response Policy

Litigation Hold Policy

Managing Access Policy

Media Reuse and Disposal Policy

Mobile Device Security Policy

Password Policy

Personal Device Security Policy

Roles and Responsibilities Policy

Vulnerability Management Policy

Standards

Access Control Standard

Application Security Standard (Under Review)

Control Zone Standard

Digital Certificate Standard

Encryption Standard

End of Support Standard

Infrastructure Standard

Media Protection Standard

Network Security Standard

System Classification Standard

VPN Standard

Vulnerability Management Standard

Wireless Standard

Guidelines

Firewall Guidelines

Mobile Device Guidelines

Policy Review and Approval Guidelines