Give Now

Security

Policies and Legislation

University Policies

12.1 Intellectual Property Policy
Policy which delineates the rights and obligations of both an individual (Faculty, Administrator, Student, or Staff) and the University with regard to intellectual property
12.2 Copyright Policy
Policy which states the University’s compliance with federal copyright laws
12.3 Computing and Communications Policy
Rules which govern the appropriate use of SMU computing and network resources.
12.4 Electronic Payment Processing Policy
Outlines the methods by which University departments may participate in electronic commerce, and how personal information must be protected during transactions.
12.5 Information Security Policy
Defines the basic security measures and controls for managing information and technology at SMU.
12.6 Password Management Policy
Defines the University’s power to regulate and manage passwords at SMU, and outlines the responsibilities for password management.

IT Procedures

Information Security Incident Response Procedures
Outlines the procedures that Information Security personnel follow in response to an information security incident.
Server Procedures for Personal Information Servers Document
Outlines required security procedures for servers that store Personal Information at SMU
Registration Form for Servers that store Personal Information
Per the Security Procedures for Personal Information Servers, all servers which store Personal Information are required to complete a defined registration process before they may be used to store Personal Information at SMU.
Security Procedures for Personal Information Computers
Document outlining required security procedures for computers which store Personal Information at SMU.
Personal Information Storage Exception Procedures
Any device which stores Personal Information, but does not meet all applicable requirements in the "Security Procedures for Personal Information Servers" or the "Security Procedures for Personal Information Computers" must follow these exception procedures.
Exception Form for Personal Information Storage Exception
Per the Personal Information Storage Exception Procedures, certain devices which store Personal Information must be approved before they may be used to store Personal Information at SMU.
Destruction of Electronic Personal Information Data Procedures
Document describing when and how electronic Personal Information must be sanitized, and who bears associated responsibilities.
Desktop Database Security
Policy and Best Practices for Databases
Identity Theft Prevention Program
Outlines a program that is designed to identify, detect, and mitigate identity theft in connection with SMU accounts in response to the Federal Trade Commission's "Red Flag Rules".

Federal Regulation

FERPA
FERPA protects the privacy of students' education records by enforcing limitations on the release of student information. Particularly sensitive information includes students' Social Security numbers, race or ethnicity, gender, nationality, academic performance, disciplinary records, and grades.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA is a federal law comprised of regulations that establish and protect patient rights and disseminate standards for the protection of individually identifiable health information.
Gramm-Leach-Bliley Act
GLBA sets forth key provisions on the collection and disclosure of consumer's personal financial information, such as bank account numbers.
FACTA Red Flags
The Federal Trade Comission, in conjunction with several other agencies set out a list of guidelines, collectively called the Red Flag Rules, that regulate how Universities will address potential incidents of Identity Theft.

State Regulation

Texas 78(R) SB 473
An Act relating to assisting consumers to prevent and detect identity theft; providing penalties.
Texas 79(R) SB 122
An Act relating to the prevention and punishment of identity theft and the rights of certain victims of identity theft; providing penalties.
Texas Penal Code 7.33
Criminal statute regarding Computer Crimes
Texas Penal Code 32.51
Criminal statute regarding Fraudulent Use or Possession of Identifying Information.