IT Policy & Regulation Resources
IT Policy, Standards, Best Practices, and Procedures
Implementing and managing IT policies, standards, best practices, and procedures is crucial in higher education. These frameworks ensure security, protect data, and build trust. Following industry benchmarks, UA optimizes technology investments, strengthens reliability, and enhances performance. Proactive management and user training bolster resilience against cyber threats, fostering a secure and efficient campus ecosystem aligned with the educational mission.
Information Security Policies:
These are the highest enabling documents relating to the cybersecurity program at UA.
- Accounting and Administrative Manual Section 400: Information Technology
- UA Cybersecurity Strategic Plan - Revision 2.4
- IT Risk Management Program - DRAFT
- Merged SaaS TCs for UA - Updated 2023-08-15
Information Security Standards:
These are the draft framework documents relating to the cybersecurity program at UA. Links will be updated when the final version is available.
- Access Management Standard
- Auditing and Monitoring Standards
- Authentication and Password Standards
- Cybersecurity Incident Response Standard
- Incident Classification Standard
- Information Security Controls Standard
- IT Risk Assessment Standard
- IT Risk Classification Standard
- Minimum Security Standards
- Patch & Vulnerability Management Standard
- Privileged Access Standard
- Remote Access Standard
- Security Controls Exception
Information Security Best Practices & Guidelines:
These are draft documents designed to guide decision making and support UA's IT Risk Management Program.
- CUI FAQ's for Research
- AI @ UA Best Practices
Information Security Supplemental Documents/Operating Procedures:
These are documents designed to provide transparency on how IT is managed at UA.
- Security Operations Playbook - Requires UA Login