Policies and Standards
The following policies and standards govern computer and network use at Wayne State University, as well as the use of WSU's information technology resources and services.
- Acceptable Use of Information Technology Resources - Defines the acceptable use of computer systems, networks, and other information technology resources at Wayne State University.
- Merit Acceptable Use Policy - Merit is the internet service provider for Wayne State University.
- AccessIDs, Electronic Mail, and Directory Services - Defines the policies and procedures that govern access to and use of the university's electronic mail and directory services.
- Information Technology Systems - Ensures that Wayne State University's enterprise information technology systems are used effectively and function properly while minimizing redundancies and reducing costs.
- Confidential Information Policy - Provides a framework for dealing with the challenge of maintaining private and confidential data.
- Privacy of academic records - WSU's primary resource for FERPA information.
- Family Educational Rights and Privacy Act (FERPA) - A US law that governs access to educational information and records by public entities.
- Michigan Social Security Number Privacy Act - Establishes the social security number privacy act in the state of Michigan, prescribes penalties for violations, and provides remedies to victims.
- Health Insurance Portability and Accountability Act (HIPAA) - A US law designed to provide privacy standards to protect patients' medical records and other health information.
- Payment Card Industry (PCI) Data Security Standard (DSS) - An information security standard for organizations that handle branded credit cards.
- Responsibility for WSU's Network Infrastructure - Outlines all aspects of designing, installing, managing, and maintaining Wayne State University's network infrastructure and its core network services.
- C&IT Wireless Access Point Use Policy - Wireless access points installed by individual departments, employees, or students may be removed from the campus network if C&IT currently provides WiFi access in that area.
- WSU Standards for Communications Infrastructure - All telecommunications infrastructure shall be designed in accordance with these standards.
- Change Management Process - Details the Change Management process policy and its procedures. Designed to facilitate the exchange of information internally between units of C&IT and externally between C&IT and the university community; to faciliate the stability of enterprise-wide systems by minimizing risk and disruptions; and to have a record of system changes that can assist in problem resolution.
Information security standards
- Information security program - This document describes the Wayne State University Information Security Program. This program is a set of policies, procedures, and responsibilities for the protection of institutional data.
- Strong Password Standard - Describes the minimum requirements for acceptable password composition and maintenance by all technology users at Wayne State.
- Audit and accountability - Establishes the need for the university to maintain appropriate audit records and system logging functionality for university systems and applications.
- Identification and authentication - Establishes the need for the university to institute consistent controls for the identification of information system users, as well as the secure authentication of approved users.
- Incident response - Establishes the need for the university to utilize standard and documented procedures for identifying, evaluating, and responding to reported data breaches and violations of IT security policy.
- IT investigations - An IT Investigation is any request to access accounts, systems, logs, or any other information that is not normally accessible to the requesting person, and requires privileged access by a C&IT employee.
- Personal devices accessing university resources - Establishes the need for the university to institute consistent controls for utilizing personal devices for accessing university resources while on campus and remotely.
- Physical and environmental protection - Establishes the need for university computing facilities that store or process University information to be physically secure.
- Security awareness training - Establishes the need for the University to provide security awareness training to university constituents.
- Vulnerability management - Outlines the standards by which C&IT discovers, classifies, and manages possible vulnerabilities at the university.
Information security guidelines
- OneDrive for Business usage guidelines for Wayne State employees - OneDrive for Business allows users to store files in the cloud, sync those files to devices, and edit and share documents with internal and external users.
- Email forwarding position statement - C&IT's position on forwarding emails to an external email account.
- ActiveSync permissions on personal devices position statement - Outlines permissions that Microsoft ActiveSync requests to set up your personal Android or iOS mobile device to sync with Wayne Connect.
- SSL Certificate issuance policy - C&IT will supply signed wayne.edu SSL certificates for campus departments who need to secure departmental web services.
- Tagging external email - messages originating from outside Wayne State or its affiliates are tagged as 'external'.
- Data and log retention practices - C&IT will retain data and logs for systems and services for the periods of time outlined in this document.
- Higher Education Opportunity Act (HEOA) Copyright Protection Plan - Details copyright law and unauthorized file sharing on campus networks.
- GLBA information security program - Implementing regulation called the Safeguards Rule to develop, implement, and maintain a comprehensive written Information Security Program (ISP) to safeguard customer information in the university's care.
- GLBA compliance guidance form - The Compliance Guidance Template must be completed and maintained on file by colleges and major administrative units that must comply with the university's ISP.
- Gramm-Leach-Bliley Act - The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.