Search18 Results

The purpose of this policy is to define minimum security controls for devices in use at the UNC School of Medicine. Individual departments/units may apply stricter controls to protect information and devices in their areas of responsibility. The policy applies to each School of Medicine Constituent for any covered device under their control, including personal devices (“Bring Your Own Device” - “BYOD”).
The University has obligations to ensure integrity and accessibility of records, and security of sensitive University information that may be sent or received via email. This policy advises individuals of their obligations to use only their University email account and not personal email accounts for University business and to manage the records resulting from that use in accordance with applicable policy, standards, and procedures.
Protected Health Information (PHI) and Sensitive Information (SI) that is transmitted or received on behalf of the University of North Carolina at Chapel Hill by any Constituent must be encrypted in accordance with this Standard, which details required minimum encryption standards for University Tier 2 and Tier 3 information. Particular transmissions may require a heightened encryption requirement or consideration of additional legal or policy requirements.
The UNC-Chapel Hill Incident Management Policy requires "every faculty member, staff member, student, temporary employee, contractor, outside vendor, and visitor to campus (AKA User) who has access to University-owned or managed information through computing systems, devices, or physical files" to "report Information Security Incidents" per the procedures defined. As defined in the UNC-Chapel Hill Incident Management Policy, sensitive information includes "card holder data," ...
Failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services. This Standard outlines minimum requirements for authentication mechanisms for information systems under the University's control and password strength and other requirements for accounts on University systems and accounts that use University data.
To provide guidance for individuals and units on responsibilities for managing suppliers of Information Technology (IT) services, software, and systems. To manage risk to university information and other assets by creating clearer communication and understanding between vendors and University staff. To define required security controls monitoring activities.
Given the risks associated with information security incidents, as well as implications for the University's compliance with federal and State regulatory requirements and the terms of certain grants and contracts, unit heads must be aware of information security issues and of their responsibilities for mitigating those risks. Information Security Liaisons from each unit offer significant security support and improve the University's capabilities.
This standard defines the minimum security controls for Information Technology systems in use at UNC-Chapel Hill including personal and University-owned devices. Units within the University may apply stricter controls to protect information and systems in their areas of responsibility. The standard applies to each UNC-Chapel Hill Constituent, student, employee, or other for any covered system under their control.
Adherence to the procedures outlined below will streamline the handling of Information Security Incidents and minimize the timeframe during which Sensitive Information and Mission-Critical Resources exist in a vulnerable state.
All members of the University community who engage with any University information technology (including wireless or other networks) must adhere to this Acceptable Use Policy.
Requirements related to Information Technology-related incidents including data breach (or possible data breach), misuse of equipment/applications/data, loss of University-owned equipment, or related.
This policy defines the framework upon which the University information security program operates and gives direction for Information Security-related Policies, Standards, and Procedures to address specific areas of operation.
To guide University Constituents in preserving the integrity, confidentiality, and availability of University information and information systems. Access controls are intended to minimize inappropriate exposure of University information by limiting system access to authorized individuals.
The Access Control Policy states the University's strong interest in preserving the integrity, confidentiality, and availability of University information and information systems. Access controls are intended to minimize inappropriate exposure of University information by limiting system access to authorized individuals. Adherence to this policy minimizes risk to the University resulting from unauthorized use of resources.
Some University business units operate their own email systems. Email accounts used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. Departments may host or contract for separate email systems using either unc.edu sub-domains (such as "physics.unc.edu") or entirely separate domains (such as "unclatindepartment.org"). This Policy addresses requirements for these units.