The access and use of many university software platforms require careful management and security oversights.
The policies, guidance protocols and additional resources have been compiled to help you navigate your daily work tasks while maintaining the integrity of university data and crucial software systems.
Administrative Policy Statements
- Data Goverance APS 6010
- IT Security Program APS 6005
- Providing and Using Information Technology APS 6001
- Use of Electronic Mail Administrative Polciy Statement APS 6002
- Collection of Personal Data from Students and Customers Administrative Policy Statement APS 7003
- Retention of University Records Administrative Policy Statement APS 2006
University-wide Policies and Guidelines
General Security
- System-wide Baseline Secuirty Standards
- System-wide High Impact Security Standards
- Standards for Security Controls in Purchasing
- Standards for Data Classification and System Security Categorization
Data Privacy
- Privacy Statement
- Employee Data Use Guidelines
- Student Data Use Guidelines
- Standards for Individuals with Privileged Access
- Systen-wide Incident Response Procedure to Data Breaches
- Office of Information Security Risk Assessment Prcoess
- Risk Acceptance Process
- Request to Access Electronic Communications of Others
- EU General Data Protection Regulation Compliance
Additional Resources
Laws and Regulations
Original sources for relevant legal and compliance policies and documentation.
- Colorado Protections for Consumer Data Privacy
- Family Educational Rights and Privacy Act (FERPA)
- Health Insurance Protability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Payment Card Industry Data Security Standard (PCIDSS)
Cyber Risk and Compliance Committee
The Cyber Risk and Compliance Committee serves to provide oversight and support of IT Security across all University of Colorado campuses.