Information Security Policies


The Office of Information Security maintains several policies related to the use of computers and information at the University of Georgia. These policies have three key areas of focus: protecting university information and resources, protecting the privacy of sensitive information, and defining proper usage of university computing and networking resources. Each policy link below provides a brief summary of the policy, as well as a link to the official text and other information.

For information about the laws and regulations that affect UGA and their corresponding policies, please visit our information security and privacy laws page.

Need a checklist for securing sensitive systems? The Self Certification website is a condensed checklist of policies and guidelines that relate to systems that store or process sensitive information.

This policy defines what is acceptable behavior while using any University computer or networking resource. This is a general policy designed to protect sensitive information and personal privacy and to prevent abusive behavior. Use of specific services may have additional limitations.

Privacy Policy (updated 09-17-2009): policy (Adobe PDF)

University departments should protect the privacy of individuals who have sensitive information stored on university assets. Social Security Numbers are always confidential. University departments that collect sensitive information on their Web pages must post a link to the UGA Privacy Policy and inform consumers about any persons or entities outside the University with whom they may share sensitive information collected online.

E-mail Policy (updated 01-01-2005): policy (Adobe PDF)

Messages sent using UGA's e-mail service are property of the University, and should be professional and respectful. E-mail may not be used for paid advertisements, distributing spam, or misleading others under a false identity.

This policy provides requirements and guidance for all credit and debit card processing activities for the University of Georgia. Additional information related to the Payment Card Industry Data Security Standard can be found on our PCI-DSS laws page.

These standards are the minimum security requirements for devices that access and use the UGA Network. Systems that handle sensitive information are encouraged to follow stronger security guidelines -- such as CheckIT, Guidelines for Handling Sensitive Information, and Guidelines for Trusted Computing -- and should also follow the privacy policy.

Password Standard (updated 06-11-2009): policy (Adobe PDF), standard (Adobe PDF)

All University computers and network accounts must be password protected. These passwords should meet strength requirements outlined in the password guideline and be changed at least twice a year. Passwords should not be stored in a manner that allows for unauthorized access to a system. UGA MyID and password are preferred for authentication in university systems.

Classifying information is the first step in determining the information's need for protection. This standard helps classify information and systems by levels of sensitivity and criticality, to help determine what level of protection may be required.

Mishandling of sensitive information is a significant risk to the University, and may cause considerable financial or reputational harm. It is the responsibility of all UGA personnel to be aware of any sensitive information they may be handling, retaining, or transmitting.

Systems that store or process sensitive information should adhere to the suggestions put forth in this guideline. These guidelines are not requirements and do not supersede requirements set forth in the UGA Policies on the Use of Computers, the Minimum Security Standards for Networked Devices, and other UGA policies and standards.

Any data storage device that contains sensitive information must be properly handled before disposal or transfer to a third party. This guideline outlines appropriate steps for different scenarios involving the handling of such devices.

Additional Computing and Networking Policies

The following policies are not maintained by Infosec, but relate to information security, privacy, and the use of university computing and network resources.

USG Information Security Manual (system-wide policies)

EITS Policies
  • Account creation
  • General eligibility
  • Individual accounts and MyIDs
  • Organizational accounts and listservs
  • Account management and billing
  • Web pages for UGA departments
  • Personal web pages on MyWeb
  • Web accessibility guidelines
  • Web advertising policy

Networking Policies and Information

Telecommunications Policy

IT Procurement Policies

Streaming Media Policy

Additional policies at UGA can be found on AskUGA (search 'policies'), and UGA's main policy page.