Information & IT Policies

University-wide IT Policies

University-wide IT policies apply to all users of Indiana University information technology resources regardless of affiliation, and irrespective of whether those resources are accessed from on-campus or off-campus locations.

IT-01Appropriate Use of IT Resources
IT-02Misuse and Abuse of IT Resources
IT-03Eligibility to Use IT Resources
IT-07Privacy of Electronic Information and Information Technology Resources
IT-07 Frequently Asked Questions
IT-11Excessive Use of IT Resources
IT-12Security of IT Resources
IT-12.1 Mobile Device Security Standard
IT-18Network and Computer Accounts Administration
IT-19Extending the University Data Network
IT-20Wireless Networking
IT-21Use of Electronic Mail
IT-28Cyber Risk Mitigation Responsibilities
ISPP-24Web Site Privacy Notices
ISPP-24 Frequently Asked Questions
ISPP-26ISPP-26 Information and Information System Incident Reporting, Management, and Breach Notification
ISPP-27ISPP-27 Privacy Complaints


For more information about information and information technology policy administration at IU, see the Policy Administration Process Summary.

Other Policies

Mutual Non-Disclosure StatementUniversity Purchasing/Counsel
Indiana University "Whistleblower" PolicyIndiana University
Sale of Computer EquipmentUniversity Purchasing
Disposal & Redistribution of University Property - for secure disposal of computer mediaUniversity Purchasing
Responsibility for Banking/ACH/Credit Card TransactionsOffice of the Treasurer
Anonymous Reporting HotlineInternal Audit
Release of Student InformationStudent Enrollment Services
Risks of Potential Identity Theft in the Use of Stored-Value and Payroll DeductOffice of the VP and Chief Financial Officer

Data Management Policies

Data Management policies are issued by the Committee of Data Stewards.

DM-01Policy for Management of Institutional Data
Standards for Management of Institutional Data
DM-02Disclosing Institutional Information to Third Parties

Security & Policy Blog Posts

  • OpenSSL vulnerability made public on JUly 9, 2015 does not impact current popular linux distrubitons
  • The GHOST vulnerability allows an attacker to remotely take control of a system.
  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services

    Recent Security Bulletins

  • RCE vulnerability in OpenFont support for all versions of Windows
  • Notice of a zero-day vulnerability in Oracle's Java has been made public
  • Multiple Zero-Day Flash vulnerabilities.
  • A critical vulnerability in Microsoft's HTTP.sys component may lead to remote code execution.