Information Security Policy Examples
These examples of information security policies from a variety of higher ed institutions will help you develop and fine-tune your own.
General Information Security Policies
-
EDUCAUSE Security Policies Resource Page (General)
-
University of California at Los Angeles (UCLA) Electronic Information Security Policy
Privacy Policies
-
University of California Office of the President Privacy Policies and References
-
University of Texas Health Science Center at San Antonio Information Resources Privacy Policy
Acceptable Use Policies
-
University of Texas Health Science Center at San Antonio Acceptable Use Policy
-
University of Minnesota Acceptable Use of information Technology Resources Policy
-
Purdue University Acceptable Use of IT Resources and Information Assets Policy
Data Classification and Governance
-
University of Texas Health Science Center at San Antonio Data Classification Policy
-
Purdue University Data Classification and Handling Procedures
SSNs
Encryption
Disposal of Computers, Hard Drives
-
EDUCAUSE Guidelines for Data Media Sanitization and Disposal
-
University of Texas Health Science Center at San Antonio Storage Media Control Policy
-
Carnegie Mellon Guidelines for Data Sanitization and Disposal
Identity and Access Management Policies
-
Purdue University Authentication, Authorization, and Access Controls Policy
-
Stanford University Identification and Authentication Policy
-
Virginia Tech Administrative Data Management and Access Policy
-
University of Texas Health Science Center at San Antonio Administrative and Special Access Policy
-
Carnegie Mellon Guidelines for Appropriate Use of Administrator Access
Passwords
Physical Access
-
University of Texas at Austin University Identification Card Guidelines
-
Cornell University Responsible Use of Video Surveillance Systems
-
Virginia Tech Safety and Security Camera Acceptable Use Policy
Incident Management and Response
-
UCLA Notification of Breaches of Computerized Personal Information Policy
-
University of Cincinnati Incident Response Procedure and Guidelines
-
University of Northern Iowa Information Security Incident Response Policy
-
NIST SP 800-61 REv. 2 Computer Security Incident Handling Guide
Backup and Data Recovery
Email and Instant Messaging
-
University of Texas Health Science Center at San Antonio Electronic Mail Use and Retention Policy
-
University of Texas at Austin University Electronic Mail Student Notification Policy (Use of E-mail for Official Correspondence to Students)
-
Carnegie Mellon Instant Messaging Security and Use Guidelines
Social Media
Cloud Computing
Technology Procurement
Mobile Device Policies
-
University of Texas Health Science Center at San Antonio Portable Computing Policy
-
University of Oregon Mobile Device Security and Use Policies
Minimum Security Requirements Network Devices
Networking Policies
-
University of Texas Health Science Center at San Antonio Network Access Policy
-
University of California at Berkeley Guidelines and Procedures for Blocking Network Access
Firewall Maintenance
VPN Usage
Web Application Security Policies
SQL Databases and Proxy Servers
Application Service Provider
Research Application Hosting
File Sharing
Risk Management
-
Appalachian State University Information Security Risk Management Standard
-
University of California Office of the President Risk Assessment Toolbox
-
University of Minnesota Information Security Risk Management Policy
-
University of Virginia Information Security Risk Management Standard
-
UT Health Science Center at San Antonio Electronic Information Security Risk Management Policy
Security Monitoring
Security Training
DNS Policies
Copyright
PCI
-
University of Texas at Austin Minimum Security Standards for Merchant Payment Card Processing
-
Stanford University Credit Card Acceptance and Processing Policy
Software Licensing
-
EDUCAUSE Campus Licensing Policies
-
University of Texas Health Science Center at San Antonio Software Policy
See the EDUCAUSE library collection of sample policies from colleges and universities, including policies on privacy, passwords, data classification, security, e-mail, and many more.
Top of page
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).