Policies -�IT Security

Policies and Guidelines

The University has established policies and guidelines to explain and define your responsibilities, as members of the campus community, to properly secure the University's information and technology as required by the nature of the information and/or by legislative or contractual obligations.

A brief description of the University's information and technology-related policies are listed below.� Click the policy name to access the actual policy document.

	�	Princeton University Information Security Policy Principles for protecting information in a manner that is consistent with its requirements for confidentiality, integrity and availability wherever it is located across the University.
	�	Rights, Rules and Responsibilities A concise reference and guide for all members of the Princeton University community. This document includes brief statements of University policies that are most likely to be applicable to and of interest to all University constituencies , including policies applicable to information technology use.
	�	Princeton University Information Technology Resources and Internet Access -- Guidelines for Use Defines the general rules of conduct for members of the University community when using the University's technology resources. It provides clear examples of acceptable and unacceptable behavior, and details the range of penalties for violations of University regulations and policy.
�	�	Password Composition Policy Defines�the minimum level of complexity that�passwords used to access University systems are to have.
	�	Policy for Handling Credit and Debit Card Payments The University’s policy and procedures intended�for anyone who accepts, captures, stores, transmits and/or processes of credit or debit card payments�as well as�those who support automated systems that manage credit card information to ensure that credit and debit card information is handled and disposed of in a manner that satisfies the University’s obligation to protect such information to the level that meets or exceeds that required by the Payment Card Industry.
	�	Data Breach Response Plan A comprehensive plan to address the potential exposure of sensitive University information due to the loss or theft of a computer or piece of storage media, or the compromise of a computer system. This document describes the procedural flow of activities, and the roles and responsibilities of the individuals, departments and agencies affected.
	�	Best Practices for Information Access Defines the role of Information Guardian and its responsibilities for data protection and enforcing rules for authorized data sharing.