Skip to main content



Utah State University and its colleges, departments, and divisons, must take measures to protect Restricted Data and Confidential Institutional Data that are stored, processed, or transmitted. All relevant Institutional policies and Federal regulations are listed here.

Policies

Purpose:

The purpose of this policy is to set a standard for all new construction, remodeling, and extensions to the Campus telecommunications/data communications infrastructure. 

Uniform Wiring for Voice/Data information

Purpose:

This policy is intended to be consistent with Utah State University’s established culture of academic freedom, intellectual curiosity, openness, and integrity by defining the requirements and limits of appropriate use of information technology resources and services including computers, digital networks, and information resources at Utah State University. These rules are in place to protect faculty, staff, students, and the University. Inappropriate use exposes Utah State University to risks including compromise of network systems and services, loss of confidential data, loss of the resource for legitimate use, and legal liability.

Appropriate Use of Computing, Networking, & Information Resources information

Purpose:

The intention of this policy is to decrease the availability of Utah State University’s computing resources to unauthorized outsiders. Computing resources and confidential data are sought by unauthorized outsiders for their own purposes, often at the expense of the University or the user of the computer. Proper management of computers reduces these risks of loss and the legal, financial, and personal consequences that may result. This policy is intended to be consistent with Utah State University’s established culture of academic freedom, intellectual curiosity, openness, and integrity by defining the requirements and limits of appropriate use of information technology resources and services including computers, digital networks, and information resources at Utah State University. These rules are in place to protect faculty, staff, students, and the University. Inappropriate use exposes Utah State University to risks including compromise of network systems and services, loss of confidential data, loss of the resource for legitimate use, and legal liability.

Computer Management

Purpose:

Wireless network technologies play an increasingly important role at Utah State University. The purpose of this policy is to establish the intent, direction, and expectation with respect to the deployment (including installation, operation, and maintenance) of wireless technology at Utah State University. USU Information Technology (IT) is taking on the initiative to provide 100% wireless coverage for the institution.

Wireless Network Deployment & Access information

Purpose:

The intention of this policy is to assign authority and responsibility for content and volume of internal bulk mail so that its use is: a) acceptable to the majority of recipients; b) protects the privacy of recipients; c) and is within the capacity of the systems that generate, transmit, and store the messages.

Internal Bulk Email information

Purpose:

Wireless network technologies play an increasingly important role at Utah State University. The purpose of this policy is to establish the intent, direction, and expectation with respect to the deployment (including installation, operation, and maintenance) of wireless technology at Utah State University. USU Information Technology (IT) is taking on the initiative to provide 100% wireless coverage for the institution.

Banner Identification Numbers information

Purpose:

Computers that are connected to the Utah State University Network are at risk of compromise resulting in unauthorized access to computing resources (processor power and storage space) and to confidential data (personal and financial) stored on or transmitted through the comptuer as part of university operations. This Policy defines a means by which vulnerable and/or compromised computers might be identified and isolated from the network pending correction of the problem.

Network Traffic Monitoring and Vulnerability Scanning information

Purpose:

The objective of this policy is to provide assurance of Institutional respect for privacy of information placed by users on University computers and to define the circumstances and limits on exceptions to that privacy. Users are also cautioned about potential exposure of information and limited privacy on the Internet.

Information Privacy - Files and Emails information

Purpose:

The intentions of this policy are:

  • 1.1 to collect all official and business communications of the university in one email system of record (using @usu.edu addresses) for security, auditability, records management, document preservation, archiving and destruction, and other purposes as appropriate; and
  • 1.2 to restore to the University at the termination of employment, control of the @usu.edu email addresses and @usu.edu email accounts that had previously been assigned to employees. This provision only applies to email accounts with addresses ending with @usu.edu
Institutional Email Service information

Purpose:

The intention of this policy is to protect Utah State University's Private Sensitive Information (PSI) and Critical Institutional Data (CID) while stored on or transmitted by institutional information technology resources, and to recognize the applicable issues of the Utah State Board of Regents Policy R345, Information Technology Resource Policy.

Protecting Private Sensitive Information and Critical Institutional Data information

Regulations

Purpose:

This policy requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. This act is part of the Federal Trade Commission (FTC) Privacy and Security Regulations. 

Federal Gramm-Leach-Bliley Act (GLBA) information

Purpose:

PCI security for merchants and payment card processors is the vital result of applying the information security best practices in the Payment Card Industry Data Security Standard (PCI DSS). The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data. These requirements specify the framework for a secure payments environment; for purposes of PCI compliance, their essence is three steps: Assess, Remediate and Report.

Payment Card Industry Data Security Standards information

Purpose:

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.  HIPAA provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs, reduces health care fraud and abuse, mandates industry-wide standards for health care information on electronic billing and other processes, and requires the protection and confidential handling of protected health information.

Health Insurance Portability and Accountability Act of 1996 information

Purpose:

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education..

Famlly Educational Rights and Privacy Act information

Purpose:

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations. This act is part of the Federal Trade Commission (FTC) Privacy and Security Regulations.

Red Flags Rule information

Purpose:

The purpose of this law is to outline the appropriate safeguard and security requirements for persons possessing, using or transferring a listed agent or toxin commensurate with the risk such agent or toxin poses to public health and safety, and animal and plant health, including the risk of use in domestic or international terrorism.

Federal Select Agent Program information