Information Technology Policies

The University of Chicago, through its IT Services department, maintains a broad range of policies and guidelines for the use of information technologies at the University. 

Please note that IT Services will never request your CNetID and/or password via email, external web form, or other unusual methods (e.g., a Google Sheets spreadsheet). If you receive such a request, it is a phishing attack and aimed at illegally obtaining your CNetID and password. Never reply to these messages or follow any instruction these messages contain.

Information Technology Policies

• Acceptable Use Policy – describes the policy governing the use of information technology at the University.

• Computer Account and Email Requirements for University Employees Policy – describes the policy for employee access to online University administrative systems.

• Digital Accessibility Policy – specifies how university web properties and their content should be updated to improve user experience.

• End User Device Policy – defines specific steps end users take to appropriately secure from misuse or theft the computers and other electronic devices they regularly use for their own access to the network.

• File Sharing Policy – describes the file sharing policy for sharing copyrighted materials on the University network.

• Information Technologies and Intellectual Property at the University – describes the basic principles surrounding new information technologies and intellectual property at the University.

• Information Security Policy - This policy sets forth a set of requirements for ensuring security and protecting the confidentiality, integrity, and availability of University information technology resources and data.

• Social Security Number Digital Usage Policy – provides usage and remediation guidelines for the use of Social Security Numbers in digital form.

• Research Data Protection Policy – sets forth roles and responsibilities to promote good research practices and mitigate the risks associated with improper treatment of research data.

• Web Properties Management Policy – describes four practices to ensure web properties are managed in a secure and professional manner.

• Written Information Security Program - outlines the University's policies, procedures, and controls for protecting sensitive information. It is required to comply with the Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and state data security laws. The WISP Addendum addresses specific University of Chicago Medical Center (UCMC) requirements for the WISP.

Information Technology Standards

• Asset Management Standard - outlines the approach to managing technology assets effectively throughout their lifecycle.

• Data Classification Standard – defines classification of confidential information and assigns corresponding roles and responsibilities.

• Incident Response Standard - a critical framework that articulates the University’s approach to managing security incidents.

• Placement of Computing Devices in Network Security Zones Standard – describes the criteria used to determine how devices are placed into network security zones.

• Port Monitoring Standard – describes the request methods and limitations on port monitoring.

• Redirection of University Domain Names to External Networks Standard – describes the approval process for pointing a domain name to an external network.

• Requirements for Managed (Hardware) Firewalls Standard – governs all firewalls and devices that provide network address translation installed on the University’s network.

• Research Data Center Standard – outlines how research data center resources are to be managed, to ensure optimal and equitable allocation of resources, as well as to require regular refreshment of old hardware to increase power usage efficiency.

• Sanitization of Digital Storage Media Standard – describes the mandatory processes for sanitizing various storage devices.

• FAQs on the Sanitization of Digital Storage Media – provides answers to frequently asked questions about sanitization of digital storage media.

• UChicago ID Usage Standard – provides background information and usage guidelines for the ChicagoID.

• Use of External Service Providers – policy for using third party technology providers for data storage and transmission.

• Use of Non-uchicago.edu Domain Names Standard – outlines the circumstances under which any domain name other than uchicago.edu can be used on the University network.