The access and use of many university software platforms require careful management and security oversights.

The policies, guidance protocols and additional resources have been compiled to help you navigate your daily work tasks while maintaining the integrity of university data and crucial software systems.

Administrative Policy Statements

• Data Governance APS 6010 [2]
• IT Security Program APS 6005 [3]
• Providing and Using Information Technology APS 6001 [4]
• Use of Electronic Mail Administrative Policy Statement APS 6002 [5]
• Collection of Personal Data from Students and Customers Administrative Policy Statement APS 7003 [6]
• Retention of University Records Administrative Policy Statement APS 2006 [7]

University-wide Policies and Guidelines

General Security

Standards for system-wide baseline security, impact security, purchasing, software as a service and more can be found on the Office of Information Security (OIS) Policies webpage. [8]

• Standards for Data Classification and System Security Categorization [9]
  • Data Classification [10]
  • Adverse Impact [11]

Data Privacy

• Privacy Statement [12]
• Employee Data Use Guidelines [13]
• Student Data Use Guidelines [14]

For information on university-wide standards, procedures and guidelines, visit OIS Policies. [8]

Additional Resources

Laws and Regulations

Sources for relevant legal and compliance policies and documentation.

• Colorado Protections for Consumer Data Privacy [15]
• Family Educational Rights and Privacy Act (FERPA) [16]
• Health Insurance Protability and Accountability Act (HIPAA) [17]
• Gramm-Leach-Bliley Act (GLBA) [18]
• Payment Card Industry Data Security Standard (PCIDSS) [19]

 Cyber Risk and Compliance Committee

The Cyber Risk and Compliance Committee [20] serves to provide oversight and support of IT Security across all University of Colorado campuses.