Information Technology Services

Categories (1)

Articles (26)

Data Network Policy

Requirements for all data network activities at the University. Central coordination of data networks supports the University mission of education, service, and research. It is the responsibility of ITS to coordinate, monitor, and manage University network traffic and activities. Compliance with this policy and related Standard helps our campus facilities adhere to FCC and other regulatory requirements, not disrupt statewide or larger networks, and provide robust and reliable services..

Data Network Standard

This standard provides structure for effective operation of data networks for the University in accordance with the UNC-Chapel Hill Data Network Policy. This document represents minimum requirements related to all forms of data networking at the University.

Email Domain Policy

Some University business units operate their own email systems. Email accounts used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. Departments may host or contract for separate email systems using either sub-domains (such as "") or entirely separate domains (such as ""). This Policy addresses requirements for these units.

Enterprise Data Governance Policy

This policy establishes a governance framework designed to promote and safeguard the appropriate and effective use of Enterprise Data.

Enterprise Data Governance Standard

This Standard to the Policy on Enterprise Data Governance describes the roles, responsibilities, and scope of authority of the Enterprise Data Coordinating Committee (EDCC), Data Trustees, Data Stewards, Data Managers (comprising the Data Governance Oversight Group (DGOG)), and Data Custodians in distributed Units. Further, this Standard defines data types that comprise University "Enterprise Data" and identifies the scope of authority for governance of each role and group.

Incident Management Policy

Requirements related to Information Technology-related incidents including data breach (or possible data breach), misuse of equipment/applications/data, loss of University-owned equipment, or related.

Incident Management Procedure

Adherence to the procedures outlined below will streamline the handling of Information Security Incidents and minimize the timeframe during which Sensitive Information and Mission-Critical Resources exist in a vulnerable state.

Individual Email Address Policy

The University has obligations to ensure integrity and accessibility of records, and security of sensitive University information that may be sent or received via email. This policy advises individuals of their obligations to use only their University email account and not personal email accounts for University business and to manage the records resulting from that use in accordance with applicable policy, standards, and procedures.

Information Classification Standard

The University of North Carolina at Chapel Hill's (UNC-Chapel Hill) Information Classification Standard defines a structure for the University's institutional information. This Standard is intended to guide University Constituents in recognizing the types of University Information they handle in order to better safeguard that information. This Standard takes into account the open, information sharing mission of the University's academic culture.

Information Security Controls Standard

This standard defines the minimum security controls for Information Technology systems in use at UNC-Chapel Hill including personal and University-owned devices. Units within the University may apply stricter controls to protect information and systems in their areas of responsibility. The standard applies to each UNC-Chapel Hill Constituent, student, employee, or other for any covered system under their control.

Information Security Liaison Standard

Given the risks associated with information security incidents, as well as implications for the University's compliance with federal and State regulatory requirements and the terms of certain grants and contracts, unit heads must be aware of information security issues and of their responsibilities for mitigating those risks. Information Security Liaisons from each unit offer significant security support and improve the University's capabilities.

Information Security Policy

This policy defines the framework upon which the University information security program operates and gives direction for Information Security-related Policies, Standards, and Procedures to address specific areas of operation.

Information Technology Acceptable Use Policy

All members of the University community who engage with any University information technology (including wireless or other networks) must adhere to this Acceptable Use Policy.

Information Technology Access Control Policy

The Access Control Policy states the University's strong interest in preserving the integrity, confidentiality, and availability of University information and information systems. Access controls are intended to minimize inappropriate exposure of University information by limiting system access to authorized individuals. Adherence to this policy minimizes risk to the University resulting from unauthorized use of resources.

Information Technology Access Control Standard

To guide University Constituents in preserving the integrity, confidentiality, and availability of University information and information systems. Access controls are intended to minimize inappropriate exposure of University information by limiting system access to authorized individuals.

Information Technology Change Management Standard

The goal of Information Technology (IT) change management is to increase awareness and understanding of proposed IT changes across the University and ensure that all such changes are made in a thoughtful way that minimizes negative impact to IT systems, services, users and other customers.

Information Technology Vendor Management Standard

To provide guidance for individuals and units on responsibilities for managing suppliers of Information Technology (IT) services, software, and systems. To manage risk to university information and other assets by creating clearer communication and understanding between vendors and University staff. To define required security controls monitoring activities.

ITS Unit Standard on Policies, Standards, and Procedures

This document provides approved guidance for writing and authorizing new University and Information Technology Services (ITS) Department Policies, Standards, and Procedures; for revising existing ITS Policies, Standards, and Procedures; and delineating approval authorities at all levels.

Onyen Policy

The Onyen (originally, the "Only Name You'll Ever Need") is a campus-wide identifier used to gain access to various electronic resources. The Onyen provides each University user with secure access and ensures proper authentication when used in accordance with this policy.

Passwords, Pass-phrases, and Other Authentication Methods Standard

Failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services. This Standard outlines minimum requirements for authentication mechanisms for information systems under the University's control and password strength and other requirements for accounts on University systems and accounts that use University data.

Payment Card Industry Data Security Standards (PCI DSS) Incident Response Plan

The UNC-Chapel Hill Incident Management Policy requires "every faculty member, staff member, student, temporary employee, contractor, outside vendor, and visitor to campus (AKA User) who has access to University-owned or managed information through computing systems, devices, or physical files" to "report Information Security Incidents" per the procedures defined. As defined in the UNC-Chapel Hill Incident Management Policy, sensitive information includes "card holder data," ...

Policy on Terms of Use for Administrative Systems

This policy describes the terms required for use of ConnectCarolina, InfoPorte, associated reporting tools, and other University business applications (“Administrative Systems”).

Transmission of Sensitive Information Standard

Protected Health Information (PHI) and Sensitive Information (SI) that is transmitted or received on behalf of the University of North Carolina at Chapel Hill by any Constituent must be encrypted in accordance with this Standard, which details required minimum encryption standards for University Tier 2 and Tier 3 information. Particular transmissions may require a heightened encryption requirement or consideration of additional legal or policy requirements.

Vulnerability Management Policy for Information Technology

Statement of University policy on the necessity for scanning computing devices for vulnerabilities and maintaining devices so as to reduce risk to University data.

Vulnerability Management Standard for Information Technology

This standard is intended to represent a minimum baseline for managing vulnerabilities on any UNC-Chapel Hill system required by the UNC-Chapel Hill Information Security Controls Standard to be scanned for vulnerabilities.

Wireless Standard

The Wireless Standard provides a structure for managing the shared resource of wireless communications spectrum on the UNC-Chapel Hill campus. The UNC-Chapel Hill technology infrastructure is provided to support University operations and its mission of education, service, and research.