Articles (15)

02 - Information Technology and Security Definitions

The Information Technology and Security Policy Definitions includes defined terms relevant to OU's IT and information security policies and standards. Email Transmission and Use Policy

This Email Transmission and Use policy establishes the rules for using email to send, receive, or store electronic mail and informs email users of their responsibilities associated with such use. System Logging Policy

The System Logging Policy outlines the minimum processes that must be in place to ensure access and activity are recorded and reviewed to maintain compliance with the University of Oklahoma (OU) compliance requirements. Password Policy

The purpose of this policy is to establish guidance regarding the creation and management of OU accounts in order to protect the security of the network, protect data integrity, and protect information systems. Computer Standardization Policy

The purpose of the OU Computer Standardization Policy is to support and enhance the missions and administrative functions of the University of Oklahoma. IT Disaster Recovery Policy

Disaster recovery planning ensures that system dependencies have been identified and accounted for when developing the order of recovery, establishing recovery time and recovery point objectives, and documenting the roles of supporting Information Technology (IT) personnel. Data Backup Policy

The backup requirements found in this Policy will allow business processes, teaching and learning activities, research projects and university operations to be resumed in a reasonable amount of time, based on criticality, with minimal loss of data. Security Incident Management Policy

This Security Incident Management Policy establishes the standardized process for identifying, containing, eradicating, and recovering from security incident. It establishes the basic language to discuss such incidents, identifies roles and responsibilities involved in responding to and recovering from these incidents, and provides a playbook for handling these events from the time an event is detected to the post incident report and event closing. Information (Data) Classification Standard

The University of Oklahoma (OU) recognizes that institutional information is an asset, critically important to effectively supporting OU’s mission of excellence in teaching, research and creative activity, and service. OU also recognizes the need for appropriate data protections, to ensure student and employee privacy is respected and the University complies with applicable laws. Remote Access Standard

The purpose of this standard is to define the usage and restrictions for remote access, support, maintenance, and administration mechanisms. Encryption Standard

This Encryption Standard provides guidance to protect assets, such as computers, portable devices, communication networks and their sensitive data that may reside in such devices or networks from unauthorized access by employing encryption technologies.

Media Disposal Guideline

The purpose of this guideline is to define the best practices for media disposal at the University of Oklahoma.