Policies-Computing Services ISO - Carnegie Mellon University

Policies 

The Information Security Office is responsible for maintaining a number of University policies that govern the use and protection of University data and computing resources.  These policies undergo a reigorous review process and are eventually approved by the Office of the President.  A comprehensive list of all University policies can be found on the University Policies website.  Below is a list of policies that are maintained by the Information Security Office.

Horizontal Rule
Information Security Policy
The Information Security Policy was published in December 2008 as a measure to protect the confidentiality, integrity and availability of institutional data.  It applies to all faculty, staff and third-party agents of the University and will be supported by a collection of guidelines and procedures that will aid in its implementation.  The Information Security Policy replaces the Data and Computer Security Policy, which is now retired.
View Policy >>
Horizontal Rule
Computing Policy
The Computing Policy was published in 2003 and defines acceptable behavior with respect to the use of University computing resources. It applies to anyone who is provisioned access to computing resources.  The Computing Policy also defines privacy expectations with respect to student, faculty and staff data.  This policy is scheduled for review during the 2009-2010 fiscal year.
View Policy >>
Horizontal Rule
GLBA Information Security Program Policy
The GLBA Information Security Program Policy was published in 2003 to address regulatory requirements imposed by the Gramm-Leach-Bliley Act of 1999.  This Act dictates security requirements related to the protection of certain types of personal financial information.  Among these requirements is the implementation of a comprehensive information security program.  The GLBA Information Security Program Policy outlines components of the University's information security program with respect to the protection of personal financial information.
View Policy >>
Horizontal Rule

There are a number of policies maintained by other areas of the University that may be of value when dealing with the protection of University data and computing resources.  They include the following: