In an effort to assist in developing important security policy, below you will find examples of institutional information security policies.
General Information Security Policies
EDUCAUSE Security Policies Resource Page (General)
University of California at Los Angeles (UCLA) Electronic Information Security Policy
Carnegie Mellon Information Security Roles and Responsibilities
Privacy Policies
University of Texas Health Science Center at San Antonio Information Resources Privacy Policy
University of Miami School of Medicine: Privacy/Data Protection Project
Acceptable Use Policies
University of Texas Health Science Center at San Antonio Acceptable Use Policy
University of Minnesota Acceptable Use of information Technology Resources Policy
University of Texas Health Science Center at San Antonio Internet Use Policy
University of North Carolina at Greensboro Blackboard Use Policy
Data Classification and Governance
State of Texas Department of Information Resources Data Classification Guide
University of Texas Health Science Center at San Antonio Data Classification Policy
SSNs
Encryption
Disposal of Computers, Hard Drives
EDUCAUSE Guidelines for Data Media Sanitization and Disposal
University of Texas Health Science Center at San Antonio Storage Media Control Policy
Carnegie Mellon Guidelines for Data Sanitization and Disposal
Identity and Access Management Policies
Stanford University Identification and Authentication Policy
Virginia Tech Administrative Data Management and Access Policy
University of Texas Health Science Center at San Antonio Administrative and Special Access Policy
Carnegie Mellon Guidelines for Appropriate Use of Administrator Access
Passwords
Physical Access
University of Texas at Austin University Data Center Security Policy
University of Texas at Austin University Identification Card Guidelines
University of Texas Health Science Center at San Antonio Physical Security for Electronic Information Resources
Cornell University Responsible Use of Video Surveillance Systems
Incident Management and Response
University of Iowa Computer Security Breach Notification Policy
UCLA Notification of Breaches of Computerized Personal Information Policy
University of Minnesota Reporting and Notifying Individuals of Security Breaches Policy
Backup and Data Recovery
Email and Instant Messaging
State of Texas Department of Information Resources Internet and Email Domain Name Policy
University of Texas Health Science Center at San Antonio Electronic Mail Use and Retention Policy
University of Texas at Austin University Electronic Mail Student Notification Policy (Use of E-mail for Official Correspondence to Students)
Carnegie Mellon Instant Messaging Security and Use Guidelines
Social Media
Cloud Computing
Technology Procurement
Mobile Device Policies
University of Texas Health Science Center at San Antonio Portable Computing Policy
University of Oregon Mobile Device Security Policy Recommendations and Questions
University of Pennsylvania Server-Managed Personal Digital Assistant (PDA) Policy with Disclaimer
Minimum Security Requirements Network Devices
University of Texas at Austin Minimum Security Standards for Systems
University of Minnesota Basic Security for Computers and Other Electronic Device
Networking Policies
University of Texas Health Science Center at San Antonio Network Access Policy
University of California at Berkeley Guidelines and Procedures for Blocking Network Access
Firewall Maintenance
VPN Usage
Web Application Security Policies
SQL Databases and Proxy Servers
Application Service Provider
Research Application Hosting
File Sharing
Risk Management
Security Monitoring
Security Training
DNS Policies
Copyright
PCI
University of Texas at Austin Minimum Security Standards for Merchant Payment Card Processing
Stanford University Credit Card Acceptance and Processing Policy
Software Licensing
EDUCAUSE Campus Licensing Policies
University of Texas Health Science Center at San Antonio Software Policy
Looking for More Sample Policies?
See the EDUCAUSE library collection of sample policies from colleges and universities, including policies on privacy, passwords, data classification, security, e-mail, and many more.
Top of page
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).