University Policies
12.1 Intellectual Property Policy – Policy which delineates the rights and obligations of both an individual (Faculty, Administrator, Student, or Staff) and the University with regard to intellectual property
12.2 Copyright Policy - Policy which states the University’s compliance with federal copyright laws
12.3 Computing and Communications Policy - Rules which govern the appropriate use of SMU computing and network resources.
12.4 Electronic Payment Processing Policy – Outlines the methods by which University departments may participate in electronic commerce, and how personal information must be protected during transactions.
12.5 Information Security Policy– Defines the basic security measures and controls for managing information and technology at SMU.
12.6 Password Management Policy (under review) – Defines the University’s power to regulate and manage passwords at SMU, and outlines the responsibilities for password management.
12.6 Password Management Policy (draft)
12.x Information Security Incident Response Policy (draft) – Policy which outlines the steps which will be undertaken by SMU in the event of a security breach.
12.x Use and Protection of Personal Information Policy (draft) – Policy which defines how personal information may be accessed, and requirements for electronically storing this information.
IT Procedures
Information Security Incident Response Procedures - Outlines the procedures that Information Security personnel follow in response to an information security incident.
Server Procedures for Personal Information Servers Document outlining required security procedures for servers that store Personal Information at SMU
Registration Form for Servers that store Personal Information (Draft) - Per the Security Procedures for Personal Information Servers, all servers which store Personal Information are required to complete a defined registration process before they may be used to store Personal Information at SMU.
Security Procedures for Personal Information Computers (draft) -Document outlining required security procedures for computers which store Personal Information at SMU.
Personal Information Storage Exception Procedures (draft) -Any device which stores Personal Information, but does not meet all applicable requirements in the "Security Procedures for Personal Information Servers" or the "Security Procedures for Personal Information Computers" must follow these exception procedures.
Exception Form for Personal Information Storage Exception (draft) -Per the Personal Information Storage Exception Procedures, certain devices which store Personal Information must be approved before they may be used to store Personal Information at SMU.
Destruction of Electronic Personal Information Data Procedures (draft) -Document describing when and how electronic Personal Information must be sanitized, and who bears associated responsibilities.
Desktop Database Security: Policy and Best Practices