Skip Navigation Links
Skip navigation links
Compliance
Home
Internal Control
Policy
Policy Library
RAP Questionnaire
Academic
Facilities Policy
Information Technology (IT) Policies
Go Search
Skip navigation links
Browse By Alphabet
Browse By Category
Academic
Facilities Policy
Financial Policies
General University Policies
Human Resources Policies
Information Technology (IT) Policies
Research Policies
Draft Policies
Policy Development
Policy FAQ's
Policy Home
Policy Tool Kit
Related Sites
Research Foundation
SUNY Policy Library
UB Policy and Internal Control
University at Buffalo
Information Technology (IT) Policies
 
 
Policies that cover systems, access, data, and related issues.
 
Policy content is the responsibility of the executive listed on the first page of each policy. Please contact the Responsible office noted in the Contact Information section near the end of the policy if you have questions about interpretation or content.
SummaryFilter
Acceptable Use of Extracted RF Data Outside the RF Business System.aspxAcceptable Use of Extracted RF Data Outside the RF Business System
Data protection policies, procedures, and standards must be followed when RF proprietary data are extracted from the RF business system and combined into a non-RF business system.
Use of UB Computer Identity Tokens.aspxAccess to Information Compliance Form
Access to personnel, student, financial, medical, and patient information contained within UB’s Information Systems and external SUNY Systems is limited to those individuals whose position requires use of this information.
Management and Retention of Central Email Communications Policy.aspxCentral Email Communications Management and Retention Policy
Advises the UB community how long central email is retained, and provides guidance in managing information communicated by email. Unencrypted email is never a private means of transmitting information securely.
Computer and Network Use Policy.aspxComputer and Network Use Policy
Establishes conditions of use and user responsibilities for UB’s computing and network resources. Included are definitions of abuse of computing resources and access to computing resources.
Data Classification Standard.aspxData Classification Standard
All university data must be classified into one of 4 categories described in this standard and protected using security measures consistent with the minimum standards for the classification level as described in related information/data security policies.
Domain Name Service Policy.aspxDomain Name Service Policy
The University at Buffalo (UB) domain name space is a University resource, managed for the benefit of the entire University community. UB requires the central recording and registration of all fully qualified domain names within University address space.
Email Servers Connected to UB Network Policy.aspxEmail Servers Connected to UB Network
Establishes requirements for the management of email servers connected to the University at Buffalo network.
Information Security Data Access and Security Policy.aspxInformation Security: Data Access and Security Policy
Defines the data management environment and assigned roles and responsibilities for protecting UB's non-public information from unauthorized access, disclosure, or misuse.
LISTSERV Policy.aspxListserv Policy
Policies and procedures that govern the establishment and use of email distribution lists at UB (listserv.buffalo.edu)
Log File Access and Retention Policy.aspxLog File Access and Retention Policy
Retention and destruction rules for system logs on servers and networked devices that are managed by central IT.  Log files are confidential, subject to privacy requirements, and are destroyed after their business use is completed.
Mass Digital Communications (email) Policy, Guidelines and Procedures.aspxMass Digital Communications Policy, Guidelines and Procedures
Defines when and how use of mass digital communications may be used to broadcast time sensitive messages to large segments of campus audiences. This policy sets forth guidelines and procedures for appropriate use of mass digital communications.
Web Privacy Policy.aspxPrivacy Policy
UB's privacy practices regarding information collected from users of specific University at Buffalo websites. UB recognizes that it is critical for everyone to be confident that their privacy is protected when they visit UB websites.
Protection of Regulated Private Data Policy.aspxProtection of Regulated Private Data Policy
Contains the definition of regulated private data and appropriate practices and responsibilities for protecting these data.
Quota and Data Retention Policy for Course Materials on Central Streaming Media Services.aspxQuota and Data Retention Policy for Course Materials on Central Streaming Media Services
Defines file storage quotas and when course related files will be deleted for streaming media files, in alignment with UBlearns data retention policy.
Remote Access to Administrative Systems Policy.aspxRemote Access to Administrative System Policy
Defines the appropriate security measures required for authorized users to remotely connect to UB administrative systems from networks that are not controlled by UB.
Retention Guidelines for Servier Log Files.aspxRetention Guidelines for Log Files
Log files retention periods for specific CIT services are specified in this document. Includes the Log File destruction procedure.
Securing Network Connected Devices.aspxSecuring Network Connected Devices
Outlines how computing and network devices are to be connected to UB's data communications network, and who is responsible for the security of those connected devices.
Social Security Number Usage Policy.aspxSocial Security Number Usage Policy
Discontinues the use of Social Security Numbers as electronic data within applications and files.  Proposed is a plan for the stepwise elimination of this practice.
Standards for Securing Regulated Private Data Policy.aspxStandards for Securing Regulated Private Data Policy
Defines standards for how Regulated Private Data may be accessed, used, transmitted, stored and disposed at UB.
Telephone Use Policy.aspxTelephone Use Policy
Telephones, including both wired (desk phones, including VOIP) and cellular phones issued and paid for by the University are, like all other University assets and services, intended to be used for the purpose of conducting official University business.
UB IT Central Email Policies and Procedures.aspxUB IT Central Email Policies and Procedures
A set of policies and procedures for Central Email such as spam filtering, forwarding, retention etc. that do not apply to UBmail accounts powered by Google.
UB Modifications to NYS Information Security Policy.aspxUB Modifications to NYS Information Security Policy
Modifications adjust the New York State Information Security policy for UB’s higher education environment.
UB Network Connection Policy.aspxUB Network Connection Policy
Defines the integrity of UB’s data network, how electronic devices shall be connected, how devices shall be secured from Internet threats, and what actions will be taken when a devices becomes compromised.
UB ResNet Acceptable Use Policy.aspxUB Resnet Acceptable Use Policy
ResNet is a wired data communications network exclusive to UB’s residence halls and apartments. In this document are the responsibilities and accepted behavior specific to people who use ResNet.
UB Password Policy.aspxUBIT Password Policy
Policies for individual accountability, security, viability, aging and third-party use of passwords associated with UBITNames.
UBITName Policy.aspxUBITName Account Policy
Defines who is eligible for a UBITName, what happens when a person’s affiliation to the University changes, UBITName change process, and how a UBITName can be created for administrative purposes.