Policies & Governance

The University of Illinois has issued a number policies that govern certain operations at the university, two of which are highlighted here.

Information Security Policy

The Information Security Policy is a directive from the university leadership to adhere to the university-published information security standards and controls.  The standards themselves are managed and approved by the respective university Chief Information Officers.

The same policy covers both the Urbana and Springfield campuses; the text of the policy can be found here:
Urbana: https://cam.illinois.edu/policies/fo-36/
Springfield: https://www.uis.edu/informationtechnologyservices/security-4/information-security-policy/ 

This policy applies to everyone who accesses data or university networks or who stores data through the use of university credentials or under the authority of and pursuant to university contracts (“University Community Members”).

This policy also applies to such access and storage by university community members whether the data is accessed, stored or otherwise resides on university-owned or controlled devices, personally-owned or controlled devices, or devices owned or controlled by a third party under contract with the university.

Appropriate/Acceptable Use Policy

The Urbana policy for Appropriate Use of Computers and Network Systems
https://cam.illinois.edu/policies/fo-07/

The Urbana Acceptable Use Policy specifically names the Urbana Office of the Chief Information Officer as responsible for determining when university systems, networks, and other resources are being used in a non-compliant or insecure manner, and the university authorizes that office to remove network access and where appropriate, to notify campus or legal authorities. This authority, in practice, is delegated by the CIO to the Chief Information Security Officer.

The Springfield policy for Acceptable Use of Information Technology Resources
https://www.uis.edu/informationtechnologyservices/about/policies/#acceptuse
The Springfield Acceptable Use Policy specifies that violations of the policy are subject to the suspension of user privileges or other disciplinary action.

For questions related to these policies, please contact Technology Services – Privacy and Information Security; 217-265-0000; itpolicy@illinois.edu.

Related policies

• Appropriate Use of Computers and Networks Systems
• University Of Illinois System Acceptable Use of Computing and Networking Resources Policy
• University of Illinois System HIPAA Privacy and Security Directive
• University of Illinois System PCI DSS Policies
• University of Illinois System Family Educational Rights and Privacy Act (FERPA) and Compliance
• University of Illinois System Comply with the Red Flags Rule
• University of Illinois System Web Privacy Notice
   

Related laws

• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach Bliley (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Illinois Personal Information Protection Act (PIPA)
• Illinois Data Security on State Computers Act
• Payment Card Industry – Data Security Standard (PCI-DSS)