Information & IT Policies

University-wide IT Policies

University-wide IT policies apply to all users of Indiana University information technology resources regardless of affiliation, and irrespective of whether those resources are accessed from on-campus or off-campus locations.

IT-01Appropriate Use of IT Resources
IT-02Misuse and Abuse of IT Resources
IT-03Eligibility to Use IT Resources
IT-07Privacy of Electronic Information and Information Technology Resources
IT-07 Frequently Asked Questions
IT-11Excessive Use of IT Resources
IT-12Security of IT Resources
IT-12.1 Mobile Device Security Standard
IT-18Network and Computer Accounts Administration
IT-19Extending the University Data Network
IT-20Wireless Networking
IT-21Use of Electronic Mail
IT-28Cyber Risk Mitigation Responsibilities
ISPP-24Web Site Privacy Notices
ISPP-24 Frequently Asked Questions
ISPP-26ISPP-26 Information and Information System Incident Reporting, Management, and Breach Notification
ISPP-27ISPP-27 Privacy Complaints


For more information about information and information technology policy administration at IU, see the Policy Administration Process Summary.

Other Policies

Mutual Non-Disclosure StatementUniversity Purchasing/Counsel
Indiana University "Whistleblower" PolicyIndiana University
Sale of Computer EquipmentUniversity Purchasing
Disposal & Redistribution of University Property - for secure disposal of computer mediaUniversity Purchasing
Responsibility for Banking/ACH/Credit Card TransactionsOffice of the Treasurer
Protecting Departmental Computer ResourcesInternal Audit
Anonymous Reporting HotlineInternal Audit
Release of Student InformationStudent Enrollment Services
Risks of Potential Identity Theft in the Use of Stored-Value and Payroll DeductOffice of the VP and Chief Financial Officer

Data Management Policies

Data Management policies are issued by the Committee of Data Stewards.

DM-01Policy for Management of Institutional Data
Standards for Management of Institutional Data
DM-02Disclosing Institutional Information to Third Parties

Security & Policy Blog Posts

  • We have received approximately 15 reports from faculty and staff who have had a fraudulent 2013 federal tax return submitted to the IRS in their name. There is no evidence the tax fraud is a result of a disclosure of information that originated from IU.
  • On March 24th 2014, Microsoft released an advisory describing a vulnerability in all supported versions of Microsoft Word.
  • Apple has released critical security updates to address a dangerous bug in Apple's implementation of SSL/TLS that affects multiple versions of iOS 6, iOS 7, Apple TV OS 6, OS X 10.9 (Maverics).
  • Older version of NTP with outdated configuration may allow servers to be used in a Denial of Service attack

    Recent Security Bulletins

  • Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g
  • New ransomware named CryptoLocker threatens to destroy data unless a payment is made.
  • Critical Java Vulnerability included in Exploit Kit
  • This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.