Saint Louis University

Policies and Standards


Name Brief Summary of Purpose Last Updated
Saint Louis University Information Technology Appropriate Use Policy To provide guidelines for the appropriate use of Saint Louis University's IT resources, as well as for the University's access to information about and oversight of these resources June 2005
Digital Millennium Copyright Act Rules and resources for online intellectual property  
Logical Access and Change Management Controls within the technical environment to ensure stability and security and lay the foundation for internal and external audit compliance
Unauthorized File Sharing Peer-to-peer file sharing requirements
Information Security Management 1.1 (v2.1) To provide guidance necessary to ensure protection of the information assets of the University February 2012
Workforce Security Policy 1.2
To ensure workforce security procedures include requirements for authorization and supervision of access to confidential information May 2010
Backup and Business Continuity Policy 1.3
To ensure that all critical information resources are clearly identified and that business continuity procedures to regularly test the functionality of backup May 2010
Technical Evaluations of Computer Systems and Networks 1.4 To ensure that Saint Louis University periodically performs technical and nontechnical evaluations May 2010
Internal and External Audit Policy 1.5 To establish the authority to conduct audits, outlines audit scope and applicability, and lists requirements for audit documentation and reporting May 2010
Data Center Access 1.6 To ensure protection against unauthorized physical access to servers and infrastructure, residing in SLU data centers May 2010
Maintenance Records Policy 1.7 To ensure that procedural mechanisms exist for maintaining records that document repairs and changes to the physical safeguards of facilities that protect confidential information May 2010
Device and Media Controls 1.8 The purpose of this policy is to ensure that physical safeguards exist to guard data integrity, confidentiality, and availability. May 2010
Logical Access Policy 1.9 The purpose of this policy is to ensure standardization across all information technology systems in regards to ensuring that the appropriate data owners approve user access requests. May 2010
Audit Controls Policy 1.10 To ensure that information resources that contain confidential information are identified, monitor and reviewed using audit controls that record and examine activity May 2010
Transmission Security 1.11 To ensure that technical security measures are taken to guard against unauthorized access to confidential information, which is transmitted via electronic communication networks
May 2010
Business Associates Agreements Policy 1.12 To provide guidelines for compliance with Health Insurance Portability and Accountability Act (HIPAA) and the Privacy and Security regulations relating to "Business Associates"
May 2010
Information Security Incident Management Policy 1.13 (v1.1) To define the University policy regarding the reporting, management and response by University personnel in the event of a suspected or actual information security incident
February 2012
Data Management Policy 1.14 (v1.1) To provide objectives for managing University stored data
February 2012
Person or Entity Authentication Policy 1.15 To codify a process that University personnel must follow to verify the authenticity of a person or entity prior to granting authorization February 2012
Automatic Logoff Policy 1.16 To ensure that reasonable steps are taken to implement automatic logging off of users after a predetermined time of inactivity on systems containing confidential information February 2012
Workstation Use Policy 1.17 To establish minimum requirements for the implementation of physical safeguards for workstations that access confidential information February 2012
Electronic Mail Policy 2.2 To ensure the proper use of Saint Louis University's e-mail system while also raising awareness of acceptable and unacceptable uses August 2010
Listserv Policy 2.3 To ensure the appropriate use of the University's Listserv capabilities August 2010



 Name  Brief Summary of Purpose
Last Updated
Password Standard

To help ensure compliance and security with Saint Louis University accounts and access to SLU Information Technology Resources that include data, software, hardware, networks, IT Systems, databases and removable media

August 2013



IT Governance Risk Register Template August 2013
IT Classification and Risk Universe Template  August 2013

Division of Information Technology Services Policies

Administrative Client Access To accommodate academic and research need to have elevated privileges on University-owned electronic devices January 2012
Attendance Policy To set expectations of attendance for all ITS staff and interns May 2011
Dress Code Policy To outline appropriate and inappropriate examples of dress January 2011
Firewall Policy To ensure SLU has the proper network perimeter security in place to prevent malicious intrusion November 2009
Network Drive Access To provide its members with reliable technology in a stable operating environment January 2012
Payment Card Industry (PCI) Data Security Standards (DSS) Policy To define the roles and responsibilities for all stakeholders and the requirements in association with credit/debit card data September 2010
Policy on Policies To ensure a clear definition of expectations and accountability January 2011
Travel Policy To define essential and critical out-of-town training and travel requests April 2009
VPN Access To ensure the University controls for Logical Access January 2012
Windows Printer Infrastructure Design and Management To establish consistent standards and practices for designing and managing printers February 2012
Higher purpose. Greater good.
© 1818 - 2015  SAINT LOUIS UNIVERSITY   |   Disclaimer   |  Mobile Site
St. Louis   |   Madrid