University Information Technologies (UNIT) maintains the policies governing the use of University computing and IT communication resources. In the creation of these policies, UNIT references NIST 800-53r4 and the SANS Critical Security Controls, as well as the recommendations from governing bodies, such as ECAR, Educause, Gartner, and CEB. Prior to being published on the UNIT website, each policy is reviewed and approved by the University Committee for Information Technologies (UCIT), the Chief Information Security Officer, the Office of General Counsel and the Office of University Compliance. The IT Policy process also includes an annual review of existing policies and a selection of those policies to be audited for verification of compliance within the University.
Every member of the University community is bound by these policies and is expected to be thoroughly familiar with them. Violators will be subject to the full range of disciplinary sanctions, up to and including expulsion or termination.
In order to retain necessary flexibility in the administration of policies, the University reserves the right to interpret, revise, or delete any of the provisions of these policies as the University deems appropriate in its discretion.