DRAFT*** University of Wisconsin-Superior Policy on Information Assurance ***DRAFT

University of Wisconsin-Superior Policy on Information Assurance

Introduction

Information Assurance (IA) is critical to the mission of the University. The purpose of this policy is to ensure that the University's Information assets, including Information Technology (IT) resources such as equipment and processes, are reliable, secure, and used in ways consistent with the campus mission. The Instructional and Information & Instructional Technology Committee (IITC) is charged with developing specific IA policies.

Authentication and Authorization

Information and IT resources in UW-Superior’s domain of ownership and control, other than the unrestricted portions of public web sites, are limited for use only by UW-Superior faculty, staff, students, and such other persons specifically granted access by IT staff. Access is only permitted to persons using their personal authentication tokens such as passwords. Using Information or IT resources to benefit a commercial business, for a personal financial benefit outside of the University employment, or in violation of any local, state or federal laws, including copyright laws, is prohibited. Access privileges of users who do not follow these policies may be restricted or suspended. IITC is charged with developing specific policies related to the appropriate use of Information and IT resources.

Information and IT Resources Accessibility

UW-Superior access to Information and IT resources must comply with all relevant federal, state, UW-System policies regarding access for persons with disabilities. IITC is charged with formulating appropriate campus policies on Information and IT Resources Accessibility in compliance with all relevant federal, state and UW-System policies.

Information Confidentiality

Information assets within University domain have various confidentiality levels. General Information should be treated within reasonable limits of privacy. Information considered confidential needs to be protected from unauthorized disclosure. Computer records and e-mail subject to disclosure under Wisconsin's Public Records Law should be accessible to the authorized requestor. IITC is charged with formulating appropriate campus policies on Information Confidentiality in compliance with all relevant federal, state and UW-System policies.

Information Integrity

The University's Information assets are of extreme business and intellectual value and their integrity is critical to UW-Superior’s mission. IITC is charged with formulating appropriate campus policies for Information Integrity including digital signatures and public key infrastructure.

Availability of Information and IT resources

The University’s Information assets have to be accessible in a reliable and uninterrupted way to maintain efficiency of instruction, research, and administrative functions. IITC is charged with formulating policies for IT resources to ensure that high levels of availability are maintained. This may include but is not limited to policies on deployment of network devices, security audits, physical security, and disaster recovery planning.