Information & IT Policies

University-wide IT Policies

University-wide IT policies apply to all users of Indiana University information technology resources regardless of affiliation, and irrespective of whether those resources are accessed from on-campus or off-campus locations.

IT-01Appropriate Use of IT Resources
IT-02Misuse and Abuse of IT Resources
IT-03Eligibility to Use IT Resources
IT-07Privacy of Electronic Information and Information Technology Resources
IT-07 Frequently Asked Questions
IT-11Excessive Use of IT Resources
IT-12Security of IT Resources
IT-12.1 Mobile Device Security Standard
IT-18Network and Computer Accounts Administration
IT-19Extending the University Data Network
IT-20Wireless Networking
IT-21Use of Electronic Mail
IT-28Cyber Risk Mitigation Responsibilities
ISPP-24Web Site Privacy Notices
ISPP-24 Frequently Asked Questions
ISPP-26ISPP-26 Information and Information System Incident Reporting, Management, and Breach Notification
ISPP-27ISPP-27 Privacy Complaints


For more information about information and information technology policy administration at IU, see the Policy Administration Process Summary.

Other Policies

Mutual Non-Disclosure StatementUniversity Purchasing/Counsel
Indiana University "Whistleblower" PolicyIndiana University
Sale of Computer EquipmentUniversity Purchasing
Disposal & Redistribution of University Property - for secure disposal of computer mediaUniversity Purchasing
Responsibility for Banking/ACH/Credit Card TransactionsOffice of the Treasurer
Anonymous Reporting HotlineInternal Audit
Release of Student InformationStudent Enrollment Services
Risks of Potential Identity Theft in the Use of Stored-Value and Payroll DeductOffice of the VP and Chief Financial Officer

Data Management Policies

Data Management policies are issued by the Committee of Data Stewards.

DM-01Policy for Management of Institutional Data
Standards for Management of Institutional Data
DM-02Disclosing Institutional Information to Third Parties

Security & Policy Blog Posts

  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services
  • How workplace culture affects information security and how that culture can be improved.
  • The FBI has issued a public service bulletin regarding recent cyber-crimes which target university employees and students. Criminal activities involve payroll and IRS filings.

    Recent Security Bulletins

  • Adobe Flash is vulnerable to exploit that could allow an attacker to take control of the affected system.
  • Vulnerability in SSL 3.0
  • Critical Bash Exploit: Shellshock
  • Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g