Search14 Results

This Standard provides requirements for the procurement of accessible Digital Content, Resources, and Technology (“Digital Material”). Implementing this standard will ensure that all individuals have access to Digital Material purchased by or on behalf of the University in compliance with the Policy on Digital Accessibility and with governing law.
This Standard sets out the minimum requirements for creating accessible Digital Content, Resources, and Technology (“Digital Material”) to advance the University’s commitment to providing equitable access in compliance with the University Policy on Digital Accessibility. Accessibility is a shared responsibility among those who maintain University Digital Material.
The University is committed to establishing a welcoming and equitable digital experience. This policy provides direction on creating an accessible experience that enhances usability for everyone. Implementing this policy will ensure that all individuals have access to Digital Content, Resources, and Technology (“Digital Material”) provided by or on behalf of the University.
To provide guidance for individuals and units on responsibilities for managing suppliers of Information Technology (IT) services, software, and systems. To manage risk to university information and other assets by creating clearer communication and understanding between vendors and University staff. To define required security controls monitoring activities.
To guide University Constituents in preserving the integrity, confidentiality, and availability of University information and information systems. Access controls are intended to minimize inappropriate exposure of University information by limiting system access to authorized individuals.
The Access Control Policy states the University's strong interest in preserving the integrity, confidentiality, and availability of University information and information systems. Access controls are intended to minimize inappropriate exposure of University information by limiting system access to authorized individuals. Adherence to this policy minimizes risk to the University resulting from unauthorized use of resources.
Given the risks associated with information security incidents, as well as implications for the University's compliance with federal and State regulatory requirements and the terms of certain grants and contracts, unit heads must be aware of information security issues and of their responsibilities for mitigating those risks. Information Security Liaisons from each unit offer significant security support and improve the University's capabilities.
Some University business units operate their own email systems. Email accounts used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. Departments may host or contract for separate email systems using either unc.edu sub-domains (such as "physics.unc.edu") or entirely separate domains (such as "unclatindepartment.org"). This Policy addresses requirements for these units.
Failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services. This Standard outlines minimum requirements for authentication mechanisms for information systems under the University's control and password strength and other requirements for accounts on University systems and accounts that use University data.
The goal of Information Technology (IT) change management is to increase awareness and understanding of proposed IT changes across the University and ensure that all such changes are made in a thoughtful way that minimizes negative impact to IT systems, services, users and other customers.
The Wireless Standard provides a structure for managing the shared resource of wireless communications spectrum on the UNC-Chapel Hill campus. The UNC-Chapel Hill technology infrastructure is provided to support University operations and its mission of education, service, and research.
This standard defines the minimum security controls for Information Technology systems in use at UNC-Chapel Hill including personal and University-owned devices. Units within the University may apply stricter controls to protect information and systems in their areas of responsibility. The standard applies to each UNC-Chapel Hill Constituent, student, employee, or other for any covered system under their control.
This standard is intended to represent a minimum baseline for managing vulnerabilities on any UNC-Chapel Hill system required by the UNC-Chapel Hill Information Security Controls Standard to be scanned for vulnerabilities.
The UNC-Chapel Hill Incident Management Policy requires "every faculty member, staff member, student, temporary employee, contractor, outside vendor, and visitor to campus (AKA User) who has access to University-owned or managed information through computing systems, devices, or physical files" to "report Information Security Incidents" per the procedures defined. As defined in the UNC-Chapel Hill Incident Management Policy, sensitive information includes "card holder data," ...