Policies In Queue

January Review

  • Data Center and Server Room Policy

    The purpose of the Data Center and Server Room Policy is to describe the minimum requirements for designing, installing, securing, monitoring, maintaining, protecting, and decommissioning a data center or server room at the University of Kansas. Associated document: Data Center and Server Room Standards STATUS: REVIEWED 02-15-21

  • Systems Development Life Cycle (SDLC) Policy

    The purpose of the Systems Development Life Cycle (SDLC) Policy is to describe the requirements for developing and/or implementing new software and systems at the University of Kansas and to ensure that all development work is compliant as it relates to any and all regulatory, statutory, federal, and /or state guidelines. Associated document: SDLC Standards STATUS: REVIEWED 01-21-21

March Review

  • Telecommunications Wiring Policy

    To establish principles and provisions to guide the university in the construction and ongoing management of its telecommunications cabling infrastructure. STATUS: REVIEWED 01-12-21

May Review

  • Password Policy

    The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of password change.

  • IT Security Incident Response Policy

    The IT Security Incident Response Policy defines the responsibilities of KU Lawrence campus staff when responding to or reporting security incidents. It delineates roles within the Computer Security Incident Response Team (CSIRT) and outlines which members of University administration should be involved in different types of security incidents.

  • Information Access Control Policy

    To ensure the security and integrity of university data and information assets as well as safeguard the information of its constituents. All Kansas University technology resources will adhere to a uniform access control standard and framework.

  • Information Technology Security Policy

    This Information Security Policy (“Policy”) defines the security requirements that everyone who works or studies at KU Lawrence campus and all reporting units is expected to be familiar with and consistently follow. These security measures are set forth to avoid problems that affect the Confidentiality, Integrity, and Availability of information and systems at the University.

July Review

  • Data Classification and Handling Policy

    Information is a valuable University asset and is critical to the mission of teaching, research, and service to Kansans. Determining how to protect and handle information depends on a consideration of the information’s type, importance, and usage. Classification is necessary to understand which security practices should be used to protect different types of information. The more protected the information needs to be, the more practices are required. STATUS: DRAFT WAITING FOR APPROVAL

  • Bring Your Own Device (BYOD) Policy

    In order to give members of the KU community flexibility in the devices they use to access the KU network, the university has established a Bring Your Own Device (BYOD) policy. This policy defines the appropriate use cases and procedures for using personally owned computing devices while engaged in University business. STATUS: DRAFT WAITING FOR APPROVAL

September Review

  • Network Policy

    To define the University network and establish operational provisions governing use and operation of the network. STATUS: REVIEW IN PROGRESS

  • Telecommunications Physical Infrastructure Policy

    This policy covers the use of KU property to enable a telecommunications component on the Lawrence and Edwards campuses of the University of Kansas, regardless of location or placement on University buildings, towers or land, including that which is owned /operated by non-University entities but located on University property. STATUS: REVIEW IN PROGRESS