Skip Navigation

All Campuses

it header
OU homepage OU IT homepage

For Raising Buttons on Subpages

Skip Side Navigation

University-Wide IT Policies, Standards, & Guidelines

Protecting university and student information and the systems that collect, process, and maintain this information is of critical importance to the University of Oklahoma. The University is committed to reviewing information security policies and standards to address changes in laws or regulations, audit findings, or university strategic plans or initiatives.  The Norman campus Chief Information Security Officer (CISO) is responsible for coordinating the development, approval, and dissemination of Information Security policies, standards, and guidelines.

Alphabetical Order

Document NameCategory
Privacy PolicyMarketing & Communications
Document NameEffective DateCompliance Date
Acceptable UseJanuary 12, 2020March 31, 2020
Computer StandardizationMarch 23, 2021March 23, 2021
Confidential Research and PublicationsApril 27, 2020July 1, 2021
CybersecurityDecember 20, 2020December 20, 2021
Data Backup February 8, 2022 March 31, 2022
Disaster Recovery February 8, 2022 March 31, 2022
Email Transmission and UseJuly 11, 2022August 11, 2022
Identity and Access ManagementJuly 11, 2022August 11, 2022
Incident Management
 February 8, 2022 March 31, 2022
Information ProtectionJanuary 12, 2020December 31, 2020
Password PolicyJuly 14, 2020July 14, 2021
Document NameEffective DateCompliance Date
Information ClassificationApril 28, 2021April 28, 2021

By Regulation

The Office of the Vice President for Research and Partnerships establishes and oversees the Controlled Unclassified Information (CUI) Program at the University of Oklahoma and is supported by the OU Information Technology Department. 

Document NameEffective DateCompliance  Date
Confidential Research and Publications Policy April 27, 2020July 1, 2021

Device Encryption

OU's Endpoint Encryption service leverages native encryption, such as FileVault and Bitlocker, and adds a regular device check-in to report on the status of encryption in order to protect the University against the cost of a data breach due to an unencrypted lost or stolen device. 

While existing native encryption provides data security, it does not provide regulatory bodies such as the Department of Education, Office for Civil Rights, and our external funding agencies with verifiable evidence that data was encrypted at the time of loss or theft.

CategoryTypeDesktopOU LaptopRemovable MediaCloud Service
AHealthcare InformationYesYesYesYes*
BPayment Card InformationYesYesYesYes*
D1Confidential Research & Publication InformationYesYesYesYes*
CStudent InformationNoYesYesNo
D2Research & Publications InformationNo
EUniversity Administrative & Financial InformationNo
FPublic InformationNo

*Review the Cybersecurity Policy for more information about encryption and the HSC Portable Computing Device Security Policy.