01 - OU IT Policy, Standards, and Procedures (PSP) Program


Effective IT Governance is required for successful Information Technology strategy. Policies, Standards, and Procedures (PSP) are critical to managing risk, every policy is a risk document that aims to  control behavioral related risks. At its core, the OU IT PSP Program is people-centered from staff, faculty, and key stakeholders. 

OU IT as a subject matter expert, develops policies that support the governance, risk concerns, and compliance requirements of the University.  The OU IT PSP program recognizes the ecosystem of individuals impacted by policies must be able to provide input into policies and enables all stakeholders to share a common understanding, operate within parameters that are safe and effective, and work together to protect the University’s data and compute environment.


  • Policy: OU IT Policies establish University leadership's intent and are high-level requirements designed to protect the University's mission.
  • Procedures: OU IT Policy Procedures establish how tasks are performed to meet the requirements establish in Standards and to meet controls.  Policy and Procedures are combined documents and will live on the OU Policy Portal (PolicyTech).
  • Standards: OU IT Standards are formally established requirements in regard to a process, action, or configuration.

How To Use This Page

  • Owner:  The Owner is the person or group who manages this article and is notified of feedback (depending on the Notify Owner of Feedback setting). They can also make edits to the article.
  • Created:  Indicates date the article was created.
  • Modified:  Indicates the date a policy, standard, procedure or plan was last revised.
  • Next Review Date:  Indicates the date on which the article should next be reviewed to ensure that its content is relevant.
  • Campus:  Indicates the campus the policy or standard applies to.
  • Related Services:  Includes links to supporting knowledgebase/IT help articles.
  • Attachments:  Includes supporting attachments or documents.

Submit a Comment

Documents that are open for comments are labeled so and indicate when the comment period closes.  Comments are invited and will be accepted at any time throughout the year.  However, for comments to be included in the review by OU IT Governance Boards for the next version of the document, they must be received by 5:00pm.

To provide comments on a draft policy, you will be asked to sign-in.  At the bottom of the policy you should see an option to sign-in to leave feedback.  

Sign in to leave feedback
You will be prompted to select an authentication system.  Select OU and continue.

OU Authentication Selection Menu

The next screen will ask you to login with your @ou.edu or @ouhsc.edu email address and password.

OU Account Logon Page

Once you are logged in, you can scroll to the bottom of the policy and will be presented with the question, "Was this helpful?".  Select the appropriate response.

Was this helpful?

The final screen will give you an opportunity to provide a more detailed comment and let us know why the policy was or was not helpful.  Your feedback is crucial to this program.


View Submitted Comments

Comments are shared across the enterprise to allow constituents and stakeholders access to the feedback that shapes effective policy.  OU IT will create a comment summary log that will be accessible in the attachments section of each policy or standard.  This summary will be updated every week during the comment period.



0% helpful - 1 review


Article ID: 3011
Mon 8/7/23 1:18 PM
Tue 10/31/23 9:54 AM

Related Articles (5)

This policy aims to define rules and requirements for connecting to the OU network from any host. These rules and requirements are designed to minimize the potential exposure to OU from damages resulting from unauthorized use of OU resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical OU internal systems, and fines or other financial liabilities incurred because of those losses.
The purpose of this policy is to define which assets must be inventoried, identify the attributes that must be included in any asset inventory, and establish appropriate oversight roles, responsibilities, and procedures for asset management.
The University of Oklahoma (OU) recognizes that Institutional Data is an asset and critically important to effectively supporting OU’s mission. The value of data as an institutional resource is increased through its widespread and appropriate use; its value is diminished through misuse, misinterpretation, or unnecessary restrictions to its access. The university has an obligation to protect the integrity and quality of institutional data, privacy of data subjects, and security of institutional d
The purpose of this procedure is to provide guidance on how to properly configure, install, and maintain a firewall.
The System Logging Standard outlines the minimum processes or configurations that must be in place to ensure access and activity is recorded and reviewed to maintain compliance with the System Logging Policy.