University-Wide IT Policies, Standards, & Guidelines
Protecting university and student information and the systems that collect, process, and maintain this information is of critical importance to the University of Oklahoma. The University is committed to reviewing information security policies and standards to address changes in laws or regulations, audit findings, or university strategic plans or initiatives. The Norman campus Chief Information Security Officer (CISO) is responsible for coordinating the development, approval, and dissemination of Information Security policies, standards, and guidelines.
Alphabetical Order
| Document Name | Category |
|---|---|
| Privacy Policy | Marketing & Communications |
| Document Name | Effective Date | Compliance Date |
|---|---|---|
| Acceptable Use | January 12, 2020 | March 31, 2020 |
| Computer Standardization | March 23, 2021 | March 23, 2021 |
| Confidential Research and Publications | April 27, 2020 | July 1, 2021 |
| Cybersecurity | December 20, 2020 | December 20, 2021 |
| Data Backup | February 8, 2022 | March 31, 2022 |
| Disaster Recovery | February 8, 2022 | March 31, 2022 |
| Email Transmission and Use | July 11, 2022 | August 11, 2022 |
| Identity and Access Management | July 11, 2022 | August 11, 2022 |
| Incident Management | February 8, 2022 | March 31, 2022 |
| Information Protection | January 12, 2020 | December 31, 2020 |
| Password Policy | July 14, 2020 | July 14, 2021 |
| Document Name | Effective Date | Compliance Date |
|---|---|---|
| Information Classification | April 28, 2021 | April 28, 2021 |
| Document Name | Version |
|---|---|
| Asset Summary Worksheet | 2021 |
| Media Disposal | 2021 |
| Non-Standard Computer Security | 2021 |
By Regulation
The Office of the Vice President for Research and Partnerships establishes and oversees the Controlled Unclassified Information (CUI) Program at the University of Oklahoma and is supported by the OU Information Technology Department.
| Document Name | Effective Date | Compliance Date |
|---|---|---|
| Confidential Research and Publications Policy | April 27, 2020 | July 1, 2021 |
Device Encryption
OU's Endpoint Encryption service leverages native encryption, such as FileVault and Bitlocker, and adds a regular device check-in to report on the status of encryption in order to protect the University against the cost of a data breach due to an unencrypted lost or stolen device.
While existing native encryption provides data security, it does not provide regulatory bodies such as the Department of Education, Office for Civil Rights, and our external funding agencies with verifiable evidence that data was encrypted at the time of loss or theft.
| Category | Type | Desktop | OU Laptop | Removable Media | Cloud Service |
|---|---|---|---|---|---|
| A | Healthcare Information | Yes | Yes | Yes | Yes* |
| B | Payment Card Information | Yes | Yes | Yes | Yes* |
| D1 | Confidential Research & Publication Information | Yes | Yes | Yes | Yes* |
| C | Student Information | No | Yes | Yes | No |
| D2 | Research & Publications Information | No | Yes | Yes | No |
| E | University Administrative & Financial Information | No | Yes | Yes | No |
| F | Public Information | No | Yes | Yes | No |
*Review the Cybersecurity Policy for more information about encryption and the HSC Portable Computing Device Security Policy.
