IT Policies, Standards, & Guidelines
Protecting university and student information and the systems that collect, process, and maintain this information is of critical importance to the University of Oklahoma. The University is committed to reviewing information security policies and standards to address changes in laws or regulations, audit findings, or university strategic plans or initiatives. The Norman campus Chief Information Security Officer (CISO) is responsible for coordinating the development, approval, and dissemination of Information Security policies, standards, and guidelines.
What is the Process?
The OU IT Policy, Standard, & Procedure Management Program Plan establishes:
- Clear, comprehensive IT policy that applies across the enterprise;
- Opportunities for constituent and stakeholder feedback that shapes effective policy; and
- Timely and efficient progress.
How Do I Participate?
Policies, Standards, & Guidelines open for comments are located on the TDX site. You will need to log in to access them.
**Note: Upon much feedback, the SharePoint commenting process has been moved to TDX for easier use and access. If you're looking for SharePoint information for the Digital Scavenger Hunt, please use the TDX link above. You will still get a point if you already submitted the survey with the SharePoint link. Thank you for all you do, Human Firewalls!
The University of Oklahoma supports an IT Exception process where a particular condition ("an exception") is defined as “a variance from IT Policy or Standard” that occurs after a proposed policy or standard has been released.
Such instances must be documented using the IT Policy and Standards Exception Process by a Business or IT Process Owner owning the risk and approved by an authorized IT Executive (an owner of the IT Policy that governs this policy/standard).
To submit an exception, please fill out the Policy/Standard Exception Form.
What is the Difference between Policies, Standards, & Guidelines?
- Policy
- The framework within which the University strives to meet its need for Information Security is codified as Security Policy. A Security Policy is a concise statement by those responsible for a system (such as senior management) of information values, protection responsibilities, and organizational commitment.
- Standard
- Specific requirements for the configurations of hosts and network security devices. These requirements tend to change slowly over time.
- Specific requirements for the configurations of hosts and network security devices. These requirements tend to change slowly over time.
- Guideline
- Recommendations and additional guidance on policies and standards.
- Recommendations and additional guidance on policies and standards.
Where Can I Review IT Policies, Standards, & Guidelines?
As new University IT Policies, Standards, & Guidelines are released, they will replace individual campus policies to create system consistency.
Norman and Health Science Center accounts are subject to University-Wide IT Policies, Standards, & Guidelines, in addition to the existing Norman and OUHSC Policies, Standards, & Guidelines.
