Policies & Standards

The following policies and standards govern computer and network use at Wayne State University, as well as the use of WSU's information technology resources and services.

IT policies

Information security standards

  • Information security program - This document describes the Wayne State University Information Security Program. This program is a set of policies, procedures and responsibilities forthe protection of institutional data.
  • Strong Password Standard - Describes the minimum requirements for acceptable password composition and maintenance by all technology users at Wayne State.
  • Audit and accountability - Establishes the need for the university to maintain appropriate audit record and system logging functionality for university systems and applications.
  • Identification and authentication - Establishes the need for the university to institute consistent controls for identification of information system users, as well as the secure authentication of approved users.
  • Incident response - Establishes the need for the university to utilize standard and documented procedures for identifying, evaluating, and responding to reported data breaches and violations of IT security policy.
    • IT investigations - An IT Investigation is any request to access accounts, systems, logs or any other information that is not normally accessible to the requesting person, and requires privileged access by a C&IT employee.
  • Personal devices accessing university resources - Establishes the need for the university to institute consistent controls for utilizing personal devices for accessing university resources while on campus and remotely.
  • Physical and environmental protection - Establishes the need for university computing facilities that store or process University information to be physically secure.
  • Security awareness training - Establishes the need for the University to provide security awareness training to university constituents.
  • Vulnerability management - Outlines the standards by which C&IT discovers, classifies, and manages possible vulnerabilities at the university.

Information security guidelines

Compliance programs

  • Higher Education Opportunity Act (HEOA) Copyright Protection Plan - Details copyright law and unauthorized file sharing on campus networks.
  • GLBA information security program - Implementing regulation called the Safeguards Rule to develop, implement, and maintain a comprehensive written Information Security Program (ISP) to safeguard customer information in the university's care.
    • GLBA compliance guidance form - The Compliance Guidance Template must be completed and maintained on file by colleges and major administrative units that must comply with university's ISP.
    • Gramm-Leach-Bliley Act - The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.