Policies/Procedures -�IT Security

Policies, Procedures, Guidelines and Best Practices

The University has established policies and guidelines to explain and define your responsibilities, as members of the campus community, to properly secure the University's information and technology as required by the nature of the information and/or by legislative or contractual obligations.

A brief description of the University's information and technology-related policies are listed below.� Click the policy name to access the actual policy document.

	�	Rights, Rules and Responsibilities A concise reference and guide for all members of the Princeton University community. This document includes brief statements of University policies that are most likely to be applicable to and of interest to all University constituencies , including policies applicable to information technology use.
	�	Princeton University Information Technology Policy Defines the general rules of conduct for members of the University community when using the University's technology resources. It provides clear examples of acceptable and unacceptable behavior, and details the range of penalties for violations of University regulations and policy.
	�	Princeton University Information Security Policy Principles for protecting information in a manner that is consistent with its requirements for confidentiality, integrity and availability wherever it is located across the University.
	�	Policy for Handling Credit and Debit Card Payments The University’s policy and procedures intended�for anyone who accepts, captures, stores, transmits and/or processes of credit or debit card payments�as well as�those who support automated systems that manage credit card information to ensure that credit and debit card information is handled and disposed of in a manner that satisfies the University’s obligation to protect such information to the level that meets or exceeds that required by the Payment Card Industry.
	�	Procedure for responding to a possible exposure of sensitive University data Responsibilities of any individual who suspects that a device storing University information has been lost, stolen, successfully attacked by hackers or secured in a manner that permits unauthorized individuals to access sensitive University information.
	�	Best Practices for Information Access Defines the role of Information Guardian and its responsibilities for data protection and enforcing rules for authorized data sharing.
�	�	Password Composition Best Practices Defines�the minimum level of complexity that�passwords used to access University systems are to have.