All university data must be classified into one of 4 categories described in this standard and protected using security measures consistent with the minimum standards for the classification level as described in related information/data security policies.
|Acceptable Use of Extracted RF Data Outside the RF Business System|
Data protection policies, procedures, and standards must be followed when RF proprietary data are extracted from the RF business system and combined into a non-RF business system.
|Access to Information Compliance Form|
The University at Buffalo does not permit UB computer identity tokens to be used as authentication tokens without the written consent of the UB Chief Information Officer.
|Central Email Communications Management and Retention Policy|
Advises the UB community how long central email is retained, and provides guidance in managing information communicated by email. Unencrypted email is never a private means of transmitting information securely.
|Computer and Network Use Policy|
Establishes conditions of use and user responsibilities for UB’s computing and network resources. Included are definitions of abuse of computing resources and access to computing resources.
|Domain Name Service Policy|
The University at Buffalo (UB) domain name space is a University resource, managed for the benefit of the entire University community. UB requires the central recording and registration of all fully qualified domain names within University address space.
|Email Servers Connected to UB Network|
Establishes requirements for the management of email servers connected to the University at Buffalo network.
|Information Security: Data Access and Security Policy|
Defines the data management environment and assigned roles and responsibilities for protecting UB's non-public information from unauthorized access, disclosure, or misuse.
Policies and procedures that govern the establishment and use of email distribution lists at UB (listserv.buffalo.edu)
|Log File Access and Retention Policy|
Retention and destruction rules for system logs on servers and networked devices that are managed by central IT. Log files are confidential, subject to privacy requirements, and are destroyed after their business use is completed.
|Mass Digital Communications Policy, Guidelines and Procedures|
Defines when and how use of mass digital communications may be used to broadcast time sensitive messages to large segments of campus audiences. This policy sets forth guidelines and procedures for appropriate use of mass digital communications.
UB's privacy practices regarding information collected from users of specific University at Buffalo websites. UB recognizes that it is critical for everyone to be confident that their privacy is protected when they visit UB websites.
|Protection of Regulated Private Data Policy|
Contains the definition of regulated private data and appropriate practices and responsibilities for protecting these data.
|Quota and Data Retention Policy for Course Materials on Central Streaming Media Services|
Defines file storage quotas and when course related files will be deleted for streaming media files, in alignment with UBlearns data retention policy.
|Remote Access to Administrative System Policy|
Defines the appropriate security measures required for authorized users to remotely connect to UB administrative systems from networks that are not controlled by UB.
|Retention Guidelines for Log Files|
Log files retention periods for specific CIT services are specified in this document. Includes the Log File destruction procedure.
|Securing Network Connected Devices|
Outlines how computing and network devices are to be connected to UB's data communications network, and who is responsible for the security of those connected devices.
|Social Security Number Usage Policy|
Discontinues the use of Social Security Numbers as electronic data within applications and files. Proposed is a plan for the stepwise elimination of this practice.
|Standards for Securing Regulated Private Data Policy|
Defines standards for how Regulated Private Data may be accessed, used, transmitted, stored and disposed at UB.
|Telephone Use Policy|
Telephones, including both wired (desk phones, including VOIP) and cellular phones issued and paid for by the University are, like all other University assets and services, intended to be used for the purpose of conducting official University business.
|UB IT Central Email Policies and Procedures|
A set of policies and procedures for Central Email such as spam filtering, forwarding, retention etc. that do not apply to UBmail accounts powered by Google.
|UB Modifications to NYS Information Security Policy|
Modifications adjust the New York State Information Security policy for UB’s higher education environment.
|UB Network Connection Policy|
Defines the integrity of UB’s data network, how electronic devices shall be connected, how devices shall be secured from Internet threats, and what actions will be taken when a devices becomes compromised.
|UB Resnet Acceptable Use Policy|
ResNet is a wired data communications network exclusive to UB’s residence halls and apartments. In this document are the responsibilities and accepted behavior specific to people who use ResNet.
|UBIT Password Policy|
Policies for individual accountability, security, viability, aging and third-party use of passwords associated with UBITNames.
|UBITName Account Policy|
Defines who is eligible for a UBITName, what happens when a person’s affiliation to the University changes, UBITName change process, and how a UBITName can be created for administrative purposes.