IT Policies, Standards, & Guidelines
Protecting university and student information and the systems that collect, process, and maintain this information is of critical importance to the University of Oklahoma. The University is committed to reviewing information security policies and standards to address changes in laws or regulations, audit findings, or university strategic plans or initiatives. The Norman campus Chief Information Security Officer (CISO) is responsible for coordinating the development, approval, and dissemination of Information Security policies, standards, and guidelines.
What is the Process?
The OU IT Policy, Standard, & Procedure Management Program Plan establishes:
- Clear, comprehensive IT policy that applies across the enterprise;
- Opportunities for constituent and stakeholder feedback that shapes effective policy; and
- Timely and efficient progress.
How Do I Participate?
Choose 1 of the 3 options below and be sure to follow the corresponding instructions:
1. Log in to SharePoint and Comment.
3. Send an email to grc@ou.edu with all 4 of the following items:
- Name of the policy.
- Page number.
- Line number.
- A detailed comment, including the rationale for the comment.
The University of Oklahoma supports an IT Exception process where a particular condition ("an exception") is defined as “a variance from IT Policy or Standard” that occurs after a proposed policy or standard has been released.
Such instances must be documented using the IT Policy and Standards Exception Process by a Business or IT Process Owner owning the risk and approved by an authorized IT Executive (an owner of the IT Policy that governs this policy/standard).
To submit an exception, please fill out the Policy/Standard Exception Form.
What is the Difference between Policies, Standards, & Guidelines?
- Policy
- The framework within which the University strives to meet its need for Information Security is codified as Security Policy. A Security Policy is a concise statement by those responsible for a system (such as senior management) of information values, protection responsibilities, and organizational commitment.
- Standard
- Specific requirements for the configurations of hosts and network security devices. These requirements tend to change slowly over time.
- Specific requirements for the configurations of hosts and network security devices. These requirements tend to change slowly over time.
- Guideline
- Recommendations and additional guidance on policies and standards.
- Recommendations and additional guidance on policies and standards.
Review Approved Definitions Review Pending Definitions in SharePoint
Where Can I Review IT Policies, Standards, & Guidelines?
As new University IT Policies, Standards, & Guidelines are released, they will replace individual campus policies to create system consistency.
Norman and Health Science Center accounts are subject to University-Wide IT Policies, Standards, & Guidelines, in addition to the existing Norman and OUHSC Policies, Standards, & Guidelines.
