These University of Hawaiʻi (UH) policies, Hawaiʻi Revised Statutes, and external regulations all have information security implications. Anyone accessing University of Hawaiʻi resources, including data, computer, and network resources, is responsible for ensuring compliance with all applicable policies and regulations.
The policies and regulations are grouped into three tables:
- UH Policies related to Information Security
- Hawaiʻi Revised Statutes
- External Standards and Regulations
UH Policies related to Information Security
| Policy | Title | How it Applies to UH |
|---|---|---|
| EP 2.210 [PDF] | Use and Management of Information Technology Resources Policy | Describes the appropriate use of UH information technology resources; applies to students, faculty, staff, and authorized guest users. |
| EP 2.214 | Institutional Data Classification Categories and Information Security Guidelines (Minimum Security Standards) | Organizes UH Institutional Data into classification categories based on the level of security risk, and the penalties that may result from inadvertent exposure or inappropriate disclosure of those data. |
| EP 2.215 | UH Institutional Data Governance Policy (UH Data Governance Website) | Establishes system-wide standards to protect the privacy and security of data and information under the stewardship of the University. |
| EP 2.216 | Institutional Records Management | Establishes institutional requirements for responsible records management. |
| EP 2.217 [PDF] | UH HIPAA Policy (UH HIPAA Website) | Ensures that UH complies with the Health Insurance Portability and Accountability Act. |
| EP 2.218 [PDF] | Online Approvals of Internal University Transactions | Describes institutional requirements regarding the use of online approvals and signatures. |
| EP 2.219 | Student Online Data Protection Requirements for Third Party Vendors | Sets forth the University's expectations for how Student Data is to be managed by external parties. |
| EP 7.208 | Systemwide Student Conduct Code | Describes the rules and regulations that UH students must comply with. |
| EP 8.200 | Policy on Contracts and Signing Authority | Details the Information Technology and Data Commitments that must be met before contracts are signed. |
|  | Mandatory Training on Data Privacy and Security | Describes the mandatory training and continuing education requirements for UH employees, students, and affiliates. |
| AP 7.022 | Procedures Relating to Protection of the Educational Rights and Privacy of Students | Establishes procedures governing a UH student's access to their own education records, and access to education records by the public and other governmental agencies. |
| AP 8.710 | Credit Card Program | Procedures for processing credit card transactions in accordance with University policies and banking and payment card industry requirements. |
Hawaiʻi Revised Statutes
| Law | How it Applies to UH |
|---|---|
| Uniform Information Practices Act (UIPA) | Requires the University to open government records for public inspection, with exceptions such as Social Security numbers and personal records. |
| Social Security Number Protection | Requires the University to protect an individual's Social Security number. |
| Security Breach of Personal Information | Requires the University to provide notice if there has been a security breach of personal information. |
| Destruction of Personal Information Records | Requires the University to securely dispose of personal information. |
External Standards and Regulations
| Standard/Regulation | How it Applies to UH |
|---|---|
| Health Insurance Portability and Accountability Act (UH HIPAA Website) | Regulates the use, disclosure, and protection of individuals' health information. |
| Family Educational Rights and Privacy Act | Requires the University to provide students with access to their education records, an opportunity to have the records amended, and some control over their disclosure. |
| Federal Information Security Management Act | Requires federal agencies to implement an information security program for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, a contractor (e.g. UH), or another source. |
| Gramm-Leach-Bliley Act ("Safeguards Rule") (UH GLBA Website) | Regulates how non-public personal information is to be protected. |
| Fair and Accurate Credit Transactions Act ("Red Flags Rule") | Requires an identity theft prevention program that identifies and detects red flags and prevents and mitigates identity theft. |
| Payment Card Industry Data Security Standard | Requires the University to implement security controls around cardholder data to reduce credit card fraud. |
| Digital Millennium Copyright Act ("OCILLA") | Requires the University to take action on copyright infringement that originates on its network. |
| National Defense Authorization Act, Section 889 | Imposes purchasing restrictions on federal contracts that involve covered telecommunications equipment or services. |