ITS Policies and Standards
Saint Louis University has put in place numerous policies, guidelines, standards, standard operating procedures (SOPs), and processes to ensure the security of University information and faculty, staff and student data.
Policies
Saint Louis University has put in place numerous policies and standards to ensure the security of faculty, staff and students' data and University information. Contact the IT Security and Compliance team at infosecurity@slu.edu with any questions.
Policies include:
| Name | Summary of Purpose | Last Updated |
|---|---|---|
| Information Security Policies and Enterprise Standards | To ensure the security of faculty, staff and students' data and University information. | - |
| Saint Louis University Information Technology Appropriate Use Policy | To provide guidelines for the appropriate use of Saint Louis University's IT resources, as well as for the University's access to information about and oversight of these resources. | June 2005 |
| Digital Millennium Copyright Act | To provide rules and resources for online intellectual property | - |
| Logical Access and Change Management | Controls within the technical environment to ensure stability and security and lay the foundation for internal and external audit compliance. | - |
| Unauthorized File Sharing | To provide peer-to-peer file sharing requirements | - |
| Listserv Policy 2.3 | To ensure the appropriate use of the University's Listserv capabilities. | August 2010 |
IT Documentation Framework Definitions
Policy
A formal, brief, and high-level statement or plan that embraces an organization's
general beliefs, goals, objectives, and acceptable procedures for a specified subject
area. Policies always state required actions and may include pointers to standards.
Policy attributes include the following:
- Require compliance (mandatory)
- Failure to comply results in disciplinary action
- Focus on desired outcomes, not on means of implementation
- Further defined by standards and guidelines
Standard
A mandatory action or rule designed to support and conform to a policy.
- A standard should make a policy more meaningful and effective.
- A standard must include one or more accepted specifications for hardware, software, or behavior.
Guideline
General statements, recommendations, or administrative instructions designed to achieve
the policy's objectives by providing a framework within which to implement procedures.
- A guideline can change frequently based on the environment and should be reviewed more frequently than standards and policies.
- A guideline is not mandatory, rather a suggestion of a best practice. Hence "guidelines" and "best practice" are interchangeable.
Procedure
Procedures describe the process: who does what, when they do it, and under what criteria.
They can be text-based or outlined in a process map and:
- Represent implementation of policy.
- Are a series of steps taken to accomplish an end goal.
- Define "how" to protect resources and are the mechanisms to enforce a policy.
- Provide a quick reference in times of crisis.
- Help eliminate the problem of a single point of failure.
- Can also be known as a SOP (Standard Operating Procedure)
Work Instructions
Describe how to accomplish a specific job. Visual aids, various forms of job aids,
or specific assembly instructions are examples of work instructions. Work instructions
are specific.
Forms and Other Documents
Forms are documentation that is used to create records, checklists, surveys or other
documentation used in the creation of a product or service. Records are a critical
output of any procedure or work instruction and form the basis of process communication,
audit material, and process improvement initiatives.