Search38 Results

This Policy prohibits all forms of Discrimination and Harassment based on Protected Status; Sexual Assault and Sexual Exploitation, Stalking and Interpersonal Violence, which need not be based on an individual’s Protected Status; Complicity for knowingly assisting in an act that violates this Policy; Retaliation against an individual because of their good faith participation in the reporting, investigation, or adjudication of violations of this Policy; and other associated conduct.
Protected Health Information (PHI) and Sensitive Information (SI) that is transmitted or received on behalf of the University of North Carolina at Chapel Hill by any Constituent must be encrypted in accordance with this Standard, which details required minimum encryption standards for University Tier 2 and Tier 3 information. Particular transmissions may require a heightened encryption requirement or consideration of additional legal or policy requirements.
Failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services. This Standard outlines minimum requirements for authentication mechanisms for information systems under the University's control and password strength and other requirements for accounts on University systems and accounts that use University data.
To provide guidance for individuals and units on responsibilities for managing suppliers of Information Technology (IT) services, software, and systems. To manage risk to university information and other assets by creating clearer communication and understanding between vendors and University staff. To define required security controls monitoring activities.
This standard sets a minimum baseline for managing vulnerabilities on any UNC-Chapel Hill system required by the UNC-Chapel Hill Information Security Controls Standard to be scanned for vulnerabilities. Please see the “Exceptions” section for phased implementation through 2026.
This Standard defines the minimum security standards “MSS” for Information Technology systems in use at UNC-Chapel Hill including personal and University-owned devices and third-party systems. Units within the University may apply stricter controls to protect information and technology in their areas of responsibility. The standard applies to each person in the University community and their devices. Please see the “Exceptions” section for phased implementation options through 2027.
To describe minimum requirements for members of the University of North Carolina at Chapel Hill ("University" or "UNC-Chapel Hill") experiencing a concern that might indicate a Possible Information Security Incident. To specify Information Security Incident authority and role requirements for Information Security Incident Handlers and Information Security Liaisons.
This Standard provides requirements for the procurement of accessible Digital Content, Resources, and Technology (“Digital Material”). Implementing this standard will ensure that all individuals have access to Digital Material purchased by or on behalf of the University in compliance with the Policy on Digital Accessibility and with governing law.
This Standard sets out the minimum requirements for creating accessible Digital Content, Resources, and Technology (“Digital Material”) to advance the University’s commitment to providing equitable access in compliance with the University Policy on Digital Accessibility. Accessibility is a shared responsibility among those who maintain University Digital Material.
The University is committed to establishing a welcoming and equitable digital experience. This policy provides direction on creating an accessible experience that enhances usability for everyone. Implementing this policy will ensure that all individuals have access to Digital Content, Resources, and Technology (“Digital Material”) provided by or on behalf of the University.
The University of North Carolina at Chapel Hill (The "University" or "UNC-Chapel Hill") has a responsibility to protect the privacy and security of protected health information ("PHI") that it creates, receives, accesses, maintains, uses or transmits. Inappropriate access, use, or disclosure of PHI may cause substantial harm to individuals whose information is used or disclosed, and may cause financial and reputational injury to the University.
The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA") established Federal standards for safeguarding the privacy of individually identifiable health information. HIPAA mandates rigorous compliance with the requirements for the use and/or disclosure of protected health information ("PHI").
This policy addresses access, disclosure and use of protected health information (defined below) for University research (including research in the School of Medicine, which is part of the UNC Health Care System HIPAA covered entity) in accord with the Privacy regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Every two years after completion of the initial P-Card Accountholder training, P-Card accountholders must complete mandatory online refresher training. The training covers applicable restrictions, policies and reconciliation procedures. Accountholders are also required to pass an associated quiz.
Public trust in the integrity and ethical behavior of scholars must be maintained if research is to continue to play its proper role in our University and society. While the primary responsibility for maintaining integrity in research rests with those who conduct it, the University has established standards to ensure a healthy environment for research and compliance with law.