IUP IT Security is governed via a distributed set of policies, procedures, and guidelines some of which in turn refer to both internal and external laws and policies that impact IT security at the university.

This distributed approach results from the fact that a number of broad governing policies, etc. (such as a variety of laws, general university policies, employment terms/CBA, the student handbook, FERPA regulations, IUP's Gramm-Leach-Bliley Information Security Plan, and IUP Retention of University Records Policy) include elements that apply to IT security. Therefore, any attempt to create an all-encompassing IT Security Policy would run the risk of including conflicting and/or inaccurate components as those broader policies, etc. would change over time and/or new governing policies, etc. are introduced.

Any IT security-specific policy, procedure, or guideline is created when these broad policies, etc. fail to address needs. Examples include the Acceptable Use of Information Technology Resources and the Information Protection policies, the Enhanced PC User Privilege Procedure, and the Mobile Device Security Guidelines.

The creation of IT security-specific policies, procedures, and guidelines are overseen by the chief information officer (CIO) or their designee. The CIO is responsible for escalating IT security-related policies to the Senate Library and Educational Services (LESC) Committee for action, with approval by the full Senate. Related procedures and guidelines do not require Senate review.

Details concerning duties and responsibilities, enforcement methods, or potential sanctions for IT security activities across different roles and organizations are contained in the various policies, procedures, and guidelines.

IUP's IT Security Office is responsible for maintaining IT security policies, procedures, and guidelines to ensure that each remains accurate and effective. Although IUP does not have a single information security officer, the IT Security Office is also responsible for fielding inquiries related to information security and routing inquiries to the appropriate governing entities depending upon which policy, procedures, and/or guidelines are relevant.

University IT Policies

A collection of IUP IT policies can be found in this section. These policies are official IT policies that have been approved by the university.

Guidelines

IT Services has posted a few general guidelines that should be followed.

Procedures

Information about procedures used by IT Services to manage technology resources. 


Related Information

Confidential Information Addendum for Contractors

Information Security Awareness Handout

Information Protection Procedures

Click-Though Agreement - PaSSHE

FERPA- Links to the FERPA page on the Office of the Registrar's site.