
Procedures & Policies

Security Procedures

Security Policies

  • ITS Computing Policy: Defines the access to and retention of all systems, accounts, and data maintained in systems owned by ITS or for which ITS is responsible.

  • Information Security and Privacy Program Charter: University policy regarding the protection and responsible use of information collected from and about its students, faculty, staff, business partners and others who have provided such information to the University.

  • Penn Data Risk Classification: University of Pennsylvania data is classified into three categories based on the level of data sensitivity, government regulations, and University policies.
  • Policy on Security of Electronic Protected Health Information (ePHI): This security policy outlines minimum standards for ensuring the confidentiality, integrity and availability of electronic protected health information (ePHI) received, maintained or transmitted.
  • Cloud Computing: Acceptable Use Guidelines: Guidance to describe opportunities, issues, safeguards and requirements regarding the use of certain third-party services (often called “cloud computing” services) involving University data.
  • Acceptable Use of Electronic Resources: Defines the boundaries of “acceptable use” of limited University electronic resources, including computers, networks, electronic mail services and electronic information sources.
  • Policy on Confidentiality of Student Records: Policy to describe the rights and responsibilities of students, faculty and staff regarding the confidentiality of student records, including as specified under the Family Educational Rights and Privacy Act (FERPA).
  • Social Security Number Policy: Establishes expectations around the use of SSNs to reduce privacy and security risks.
  • Records Retention Schedule: Guideline that sets forth the length of time records are recommended to be retained.
  • Disposition of Documents and Data of Faculty/Staff Leaving Penn: Guidance to highlight the importance of coordinating the review and disposition of materials of faculty and staff who leave the University, and to highlight issues that may require special attention.