Skip Ribbon Commands
Skip to main content


University at Buffalo
Information Technology (IT) Policies
Policies that cover systems, access, data, and related issues.
Policy content is the responsibility of the executive listed on the first page of each policy. Please contact the Responsible office noted in the Contact Information section near the end of the policy if you have questions about interpretation or content.
Acceptable Use of Extracted RF Data Outside the RF Business System
Data protection policies, procedures, and standards must be followed when RF proprietary data are extracted from the RF business system and combined into a non-RF business system.
Use of UB Computer Identity Tokens
Access to personnel, student, financial, medical, and patient information contained within UB’s Information Systems and external SUNY Systems is limited to those individuals whose position requires use of this information.
Management and Retention of Central Email Communications Policy
Advises the UB community how long central email is retained, and provides guidance in managing information communicated by email. Unencrypted email is never a private means of transmitting information securely.
Computer and Network Use Policy
Establishes conditions of use and user responsibilities for UB’s computing and network resources. Included are definitions of abuse of computing resources and access to computing resources.
Data Classification Standard
All university data must be classified into one of 4 categories described in this standard and protected using security measures consistent with the minimum standards for the classification level as described in related information/data security policies.
Domain Name Service Policy
The University at Buffalo (UB) domain name space is a University resource, managed for the benefit of the entire University community. UB requires the central recording and registration of all fully qualified domain names within University address space.
Email Servers Connected to UB Network Policy
Establishes requirements for the management of email servers connected to the University at Buffalo network.
Information Security Data Access and Security Policy
Defines the data management environment and assigned roles and responsibilities for protecting UB's non-public information from unauthorized access, disclosure, or misuse.
IT Services in UB Owned Space
Establishes the principles for which Internet connectivity, telephone, network device attachment and workstation support services will be provided to UB faculty, staff and departments within UB owned, controlled and managed spaces.
Policies and procedures that govern the establishment and use of email distribution lists at UB (
Log File Access and Retention Policy
Retention and destruction rules for system logs on servers and networked devices that are managed by central IT.  Log files are confidential, subject to privacy requirements, and are destroyed after their business use is completed.
Mass Digital Communications (email) Policy, Guidelines and Procedures
Defines when and how use of mass digital communications may be used to broadcast time sensitive messages to large segments of campus audiences. This policy sets forth guidelines and procedures for appropriate use of mass digital communications.
Web Privacy Policy
UB's privacy practices regarding information collected from users of specific University at Buffalo websites. UB recognizes that it is critical for everyone to be confident that their privacy is protected when they visit UB websites.
Protection of Regulated Private Data Policy
Contains the definition of regulated private data and appropriate practices and responsibilities for protecting these data.
Quota and Data Retention Policy for Course Materials on Central Streaming Media Services
Defines file storage quotas and when course related files will be deleted for streaming media files, in alignment with UBlearns data retention policy.
Remote Access to Administrative Systems Policy
Defines the appropriate security measures required for authorized users to remotely connect to UB administrative systems from networks that are not controlled by UB.
Retention Guidelines for Servier Log Files
Log files retention periods for specific CIT services are specified in this document. Includes the Log File destruction procedure.
Securing Network Connected Devices
Outlines how computing and network devices are to be connected to UB's data communications network, and who is responsible for the security of those connected devices.
Social Security Number Usage Policy
Discontinues the use of Social Security Numbers as electronic data within applications and files.  Proposed is a plan for the stepwise elimination of this practice.
Standards for Securing Regulated Private Data Policy
Defines standards for how Regulated Private Data may be accessed, used, transmitted, stored and disposed at UB.
Telephone Use Policy
Telephones, including both wired (desk phones, including VOIP) and cellular phones issued and paid for by the University are, like all other University assets and services, intended to be used for the purpose of conducting official University business.
UB IT Central Email Policies and Procedures
A set of policies and procedures for Central Email such as spam filtering, forwarding, retention etc. that do not apply to UBmail accounts powered by Google.
UB Modifications to NYS Information Security Policy
Modifications adjust the New York State Information Security policy for UB’s higher education environment.
UB Network Connection Policy
Defines the integrity of UB’s data network, how electronic devices shall be connected, how devices shall be secured from Internet threats, and what actions will be taken when a devices becomes compromised.
UB ResNet Acceptable Use Policy
ResNet is a wired data communications network exclusive to UB’s residence halls and apartments. In this document are the responsibilities and accepted behavior specific to people who use ResNet.
UB Password Policy
Policies for individual accountability, security, viability, aging and third-party use of passwords associated with UBITNames.
UBITName Policy
Defines who is eligible for a UBITName, what happens when a person’s affiliation to the University changes, UBITName change process, and how a UBITName can be created for administrative purposes.