The University has established policies to explain and define your responsibilities, as members of the campus community, to properly secure the University's information and technology as required by the nature of the information and/or by legislative or contractual obligations.
A brief description of the University's information and technology-related policies are listed below. Click the policy name to access the policy websites.
- Princeton University Information Technology Policy
Defines the general rules of conduct for members of the University community when using the University's technology resources. It provides clear examples of acceptable and unacceptable behavior, and details the range of penalties for violations of University regulations and policy.
- Princeton University Information Security Policy
Principles for protecting information in a manner that is consistent with its requirements for confidentiality, integrity and availability wherever it is located across the University.
- Rights, Rules and Responsibilities
A concise reference and guide for all members of the Princeton University community. This document includes brief statements of University policies that are most likely to be applicable to and of interest to all University constituencies , including policies applicable to information technology use.
- Policy for Handling Credit and Debit Card Payments
The University’s policy and procedures intended for anyone who accepts, captures, stores, transmits and/or processes of credit or debit card payments as well as those who support automated systems that manage credit card information to ensure that credit and debit card information is handled and disposed of in a manner that satisfies the University’s obligation to protect such information to the level that meets or exceeds that required by the Payment Card Industry.
- Password Composition Best Practices
Defines the minimum level of complexity that passwords used to access University systems are to have.
- Best Practices for Information Access
Defines the role of Information Guardian and its responsibilities for data protection and enforcing rules for authorized data sharing.