  {"id":58,"date":"2020-04-15T10:43:20","date_gmt":"2020-04-15T20:43:20","guid":{"rendered":"https:\/\/www.hawaii.edu\/testinfosec\/?page_id=58"},"modified":"2025-11-05T14:50:46","modified_gmt":"2025-11-06T00:50:46","slug":"policies","status":"publish","type":"page","link":"https:\/\/www.hawaii.edu\/infosec\/policies\/","title":{"rendered":"Policies &amp; Compliance"},"content":{"rendered":"<p>These University of <span aria-label=\"Hawaii\">Hawaiʻi<\/span> policies, State of <span aria-label=\"Hawaii\">Hawaiʻi<\/span> Revised Statutes, and external regulations all have information security implications. Anyone accessing University of <span aria-label=\"Hawaii\">Hawaiʻi<\/span> resources, including data, computer, and network resources, is responsible for ensuring compliance with all applicable policies and regulations.<\/p>\n<p>Click on a link below to be directed to the appropriate table:<\/p>\n<ul>\n<li><a href=\"#uh-policies\">UH Policies related to Information Security<\/a><\/li>\n<li><a href=\"#hawaii-revised-statutes\"><span aria-label=\"Hawaii\">Hawaiʻi<\/span> Revised Statutes<\/a><\/li>\n<li><a href=\"#external-standards\">External Standards and Regulations<\/a><\/li>\n<\/ul>\n<h2 id=\"uh-policies\">UH Policies related to Information Security<\/h2>\n<table class=\"table table-bordered\">\n<thead class=\"thead-light\">\n<tr>\n<th scope=\"col\" style=\"width:10%\">Policy<\/th>\n<th scope=\"col\">Title<\/th>\n<th scope=\"col\">How it Applies to UH<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep2.210\">EP 2.210 [PDF]<\/a><\/td>\n<td>Use and Management of Information Technology Resources Policy<\/td>\n<td>Describes the appropriate use of UH information technology resources which applies to students, faculty, staff, and authorized guest users.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep2.214\">EP 2.214 <i class=\"fa fa-external-link\" 
aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Institutional Data Classification Categories and Information Security Guidelines <br \/> <a href=\"..\/minimum-standards\/\">Minimum Security Standards<\/a> <\/td>\n<td> The objective of this executive policy is to organize UH Institutional Data into data classification categories based on different levels of security risk and penalties that may result from the inadvertent exposure and inappropriate disclosure of those data.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep2.215\">EP 2.215 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>UH Institutional Data Governance Policy<br \/><a href=\"https:\/\/www.hawaii.edu\/uhdatagov\/\">UH Data Governance Website <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Establishes system-wide standards to protect the privacy and security of data and information under the stewardship of the University.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep2.216\">EP 2.216 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Institutional Records Management<\/td>\n<td>Establishes institutional requirements for responsible records management.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep2.217\">EP 2.217 [PDF]<\/a><\/td>\n<td>UH HIPAA Policy <br \/> <a href=\"..\/hipaa\/\">UH HIPAA Website<\/a><\/td>\n<td>To ensure that UH complies with the Health Insurance Portability and Accountability Act<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep2.218\">EP 2.218 [PDF]<\/a><\/td>\n<td>Online Approvals of Internal University Transactions<\/td>\n<td>Describes institutional requirements regarding the use of online approvals and signatures<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep2.219\">EP 2.219 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Student 
Online Data Protection Requirements for Third Party Vendors<\/td>\n<td>This Policy sets forth the University&#8217;s expectations of how our Student Data shall be managed by external parties.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep7.208\">EP 7.208 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Systemwide Student Conduct Code<\/td>\n<td>Describes the rules and regulations that UH students must comply with.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ep8.200\">EP 8.200 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Policy on Contracts and Signing Authority<\/td>\n<td>Policy on contracts that details Information Technology and Data Commitments that must be met before contracts are signed. <\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/hawaii.edu\/policy\/ap2.215\">AP 2.215 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Mandatory Training on Data Privacy and Security<\/td>\n<td>To describe the mandatory training and continuing education requirements for UH employees, students, and affiliates<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ap7.022\">AP 7.022 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Procedures Relating to Protection of the Educational Rights and Privacy of Students<\/td>\n<td>Establishes procedures governing a UH student&#8217;s access to their own education records and access to education records by the public and other governmental agencies.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.hawaii.edu\/policy\/ap8.710\">AP 8.710 <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Credit Card Program<\/td>\n<td>Procedures for processing credit card transactions in accordance with University policies, banking and payment card industry requirements, etc.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 
id=\"hawaii-revised-statutes\"><span aria-label=\"Hawaii\">Hawaiʻi<\/span> Revised Statutes<\/h2>\n<table class=\"table table-bordered\">\n<thead class=\"thead-light\">\n<tr>\n<th scope=\"col\" style=\"width:10%\">Law<\/th>\n<th scope=\"col\">Title<\/th>\n<th scope=\"col\">How it Applies to UH<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.capitol.hawaii.gov\/hrscurrent\/Vol02_Ch0046-0115\/HRS0092F\/HRS_0092F-.htm\">HRS 92F <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Uniform Information Practices Act (UIPA)<\/td>\n<td>Requires the University to open government records for public inspection except Social Security numbers, personal records, etc.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.capitol.hawaii.gov\/hrscurrent\/Vol11_Ch0476-0490\/HRS0487J\/HRS_0487J-.htm\">HRS 487J <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Social Security Number Protection<\/td>\n<td>Requires the University to protect an individual&#8217;s Social Security number.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.capitol.hawaii.gov\/hrscurrent\/Vol11_Ch0476-0490\/HRS0487N\/HRS_0487N-.htm\">HRS 487N <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Security Breach of Personal Information<\/td>\n<td>Requires the University to provide notice if there has been a security breach of personal information.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.capitol.hawaii.gov\/hrscurrent\/Vol11_Ch0476-0490\/HRS0487R\/HRS_0487R-.htm\">HRS 487R <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Destruction of Personal Information Records<\/td>\n<td>Requires the University to securely dispose of personal information.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"external-standards\">External Standards and Regulations<\/h2>\n<table class=\"table table-bordered\">\n<thead class=\"thead-light\">\n<tr>\n<th scope=\"col\">Standard\/Regulation<\/th>\n<th 
scope=\"col\">Title<\/th>\n<th scope=\"col\">How it Applies to UH<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a aria-label=\"external-hipaa-information\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/index.html\">HIPAA <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Health Insurance Portability and Accountability Act<br \/><a href=\"..\/hipaa\/\">UH HIPAA Website<\/a><\/td>\n<td>Regulates the use, disclosure, and protection of individuals&#8217; health information.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/studentprivacy.ed.gov\/ferpa\">FERPA <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Family Educational Rights and Privacy Act<\/td>\n<td>Requires the University to provide students with access to their education records, an opportunity to have the records amended, and some control over its disclosure.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/csrc.nist.gov\/groups\/SMA\/fisma\/index.html\">FISMA <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Federal Information Security Management Act<\/td>\n<td>Requires federal agencies to implement an information security program for information\/information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor (e.g. 
UH), or other source.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.ftc.gov\/privacy\/glbact\/glbsub1.htm\">GLBA <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Gramm-Leach-Bliley Act (&#8220;Safeguards Rule&#8221;)<br \/><a href=\"..\/glba\/\">UH GLBA Website<\/a><\/td>\n<td>Regulates how non-public personal information is to be protected.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.ftc.gov\/bcp\/edu\/microsites\/redflagsrule\/index.shtml\">FACTA <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Fair and Accurate Credit Transactions Act (&#8220;Red Flags Rule&#8221;)<\/td>\n<td>Requires an identity theft prevention program to identify and detect red flags and to prevent and mitigate identity theft.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.pcisecuritystandards.org\/security_standards\/\">PCI DSS <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/td>\n<td>Payment Card Industry Data Security Standards<\/td>\n<td>Requires the University to implement security controls around cardholder data to reduce credit card fraud.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.copyright.gov\/dmca\/\">DMCA<\/a><\/td>\n<td>Digital Millennium Copyright Act (&#8220;OCILLA&#8221;)<\/td>\n<td>Requires the University to take action on copyright infringement that originates on the network.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.acquisition.gov\/Section-889-Policies\">NDAA Section 889<\/a><\/td>\n<td>National Defense Authorization Act, Section 889<\/td>\n<td>Purchasing restrictions on federal contracts that involve covered telecommunications equipment or services.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>These University of Hawaiʻi policies, State of Hawaiʻi Revised Statutes, and external regulations all have information security implications. 
Anyone accessing University of Hawaiʻi resources, including data, computer, and network resources, is responsible for ensuring compliance with all applicable policies and &hellip; <\/p>\n","protected":false},"author":86,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-onecolumn.php","meta":{"footnotes":""},"class_list":["post-58","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages\/58","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/users\/86"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/comments?post=58"}],"version-history":[{"count":31,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages\/58\/revisions"}],"predecessor-version":[{"id":2422,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages\/58\/revisions\/2422"}],"wp:attachment":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/media?parent=58"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}