Computing policies, standards and associated guidelines are formulated to direct and guide University practices, to help ensure compliance with laws, regulations and requirements, and to assist the University in reaching long-term goals. By establishing specific requirements for all members of the university community, policies and standards connect the university's mission to individual conduct, institutionalize impartial expectations, mitigate institutional risk, and enhance productivity and efficiency in the university's operations.
Policy and Standard Development
Newly created policies and standards, or changes to existing ones, can be triggered by a variety of factors, such as:
- A change in law, rule or regulation
- A weakness in the current structure
- To correct behavior or reduce risk
- An organizational change
- To streamline operations
- A new technical opportunity
- Periodic review and updates
The University Information Security Office is charged with review of draft policies and standards and assists with vetting of their proposals. IT standards are reviewed as needed by the Records Manager Officer, CISO, and CIO.
For background or information on these policies, or to provide feedback on drafts, please contact Kate Rhodes, Chief Information Security Officer, at kprhodes@go-rutgers.com.
Policies
University Policies are statements of management philosophy and direction, established to provide direction and assistance to the university community in the conduct of university mission and objectives. The following University policies address information technology:
- 3500: Use of Computing Resources
- 3501: Information Technology Access Control
- 3502: Information Technology Infrastructure, Architecture, and Ongoing Operations
- 3504: Data Administration Policy
- 3505: Information Technology Security Policy
- 3506: Electronic Communication Policy for Official University Business
- 3507: Information Technology Accesibility Policy
- 3508: Information Technology Project Management
- 3509: Software Decision Analysis Policy
Standards, Procedures and Guidelines
IT Standards specify requirements for becoming compliant with University IT policies, other university policies, as well as applicable laws and regulations. Standards may include technical specifications and are mandatory.
Procedures and guidelines are methods for complying with prescribed standards developed by ITS operational units. These normally include step-by-step instructions and useful or required forms. These procedures and guidelines should be followed to ensure compliance with all standards and policies.
For reasons of security or content, many procedures and guidelines are not published; however, such procedures may be requested and provided upon request from the operational unit. The procedures and guidelines that are published are intended to give direction to system owners, data owners and users in particular situations.