Policies and Standards
The following policies and standards govern computer and network use at Wayne State University, as well as the use of WSU's information technology resources and services.
IT policies
- Acceptable Use of Information Technology Resources: Defines the acceptable use of computer systems, networks, and other information technology resources at Wayne State University.
- Merit Acceptable Use Policy: Merit is the internet service provider for Wayne State University.
- AccessIDs, Electronic Mail, and Directory Services: Defines the policies and procedures that govern access to and use of the university's electronic mail and directory services.
- Administrative Rights Access Policy: Defines the criteria under which Administrative Support or Local Administrative rights may be granted for a desktop, laptop, or other end-user device supported by Campus and Classroom Technology Services (CCTS), and the terms and conditions upon which those rights will be granted.
- Information Technology Systems: Ensures that Wayne State University's enterprise information technology systems are used effectively and function properly while minimizing redundancies and reducing costs.
- Confidential Information Policy: Provides a framework for dealing with the challenge of maintaining private and confidential data.
- Privacy of academic records: WSU's primary resource for FERPA information.
- Family Educational Rights and Privacy Act (FERPA): A US law that governs access to educational information and records by public entities.
- Michigan Social Security Number Privacy Act: Establishes the social security number privacy act in the state of Michigan, prescribes penalties for violations, and provides remedies to victims.
- Health Insurance Portability and Accountability Act (HIPAA): A US law designed to provide privacy standards to protect patients' medical records and other health information.
- Payment Card Industry (PCI) Data Security Standard (DSS): An information security standard for organizations that handle branded credit cards.
- Responsibility for WSU's Network Infrastructure: Outlines all aspects of designing, installing, managing, and maintaining Wayne State University's network infrastructure and its core network services.
- C&IT Wireless Access Point Use Policy: Wireless access points installed by individual departments, employees, or students may be removed from the campus network if C&IT currently provides WiFi access in that area.
- WSU Standards for Communications Infrastructure: All telecommunications infrastructure shall be designed in accordance with these standards.
- Web Privacy Policy: This privacy policy specifies the information that the university's websites are permitted to collect from site visitors, what uses of the collected information are permitted, and how it shall be protected.
IT processes
- Change Management Process: Details the Change Management process policy and its procedures. Designed to facilitate the exchange of information internally between units of C&IT and externally between C&IT and the university community; to facilitate the stability of enterprise-wide systems by minimizing risk and disruptions; and to have a record of system changes that can assist in problem resolution.
Information security standards
- Information security program: This document describes the Wayne State University Information Security Program. This program is a set of policies, procedures, and responsibilities for the protection of institutional data.
- Strong Password Standard: Describes the minimum requirements for acceptable password composition and maintenance by all technology users at Wayne State.
- Audit and accountability: Establishes the need for the university to maintain appropriate audit records and system logging functionality for university systems and applications.
- Identification and authentication: Establishes the need for the university to institute consistent controls for the identification of information system users, as well as the secure authentication of approved users.
- Incident response: Establishes the need for the university to utilize standard and documented procedures for identifying, evaluating, and responding to reported data breaches and violations of IT security policy.
- IT investigations: An IT Investigation is any request to access accounts, systems, logs, or any other information that is not normally accessible to the requesting person, and requires privileged access by a C&IT employee.
- Personal devices accessing university resources: Establishes the need for the university to institute consistent controls for utilizing personal devices for accessing university resources while on campus and remotely.
- Physical and environmental protection: Establishes the need for university computing facilities that store or process university information to be physically secure.
- Security awareness training: Establishes the need for the university to provide security awareness training to university constituents.
- Vulnerability management: Outlines the standards by which C&IT discovers, classifies, and manages possible vulnerabilities at the university.
Information security guidelines
- OneDrive for Business usage guidelines for Wayne State employees: OneDrive for Business allows users to store files in the cloud, sync those files to devices, and edit and share documents with internal and external users.
- Email forwarding position statement: C&IT's position on forwarding emails to an external email account.
- ActiveSync permissions on personal devices position statement: Outlines permissions that Microsoft ActiveSync requests to set up your personal Android or iOS mobile device to sync with Wayne Connect.
- SSL Certificate issuance policy: C&IT will supply signed wayne.edu SSL certificates for campus departments that need to secure departmental web services.
- Tagging external email: Messages originating from outside Wayne State or its affiliates are tagged as 'external'.
- Data and log retention practices: C&IT will retain data and logs for systems and services for the periods of time outlined in this document.
- Standard for System Integrity: Establishes the need for the university to maintain a standard for the integrity of information systems in order to ensure the protection of data processing against malicious attacks, unauthorized changes to those systems, and unauthorized use of those systems beyond the original intent.
Compliance programs
- Higher Education Opportunity Act (HEOA) Copyright Protection Plan: Details copyright law and unauthorized file sharing on campus networks.
- GLBA information security program: Addresses the implementing regulation called the Safeguards Rule, which requires developing, implementing, and maintaining a comprehensive written Information Security Program (ISP) to safeguard customer information in the university's care.
- GLBA compliance guidance form: The Compliance Guidance Template must be completed and maintained on file by colleges and major administrative units that must comply with the university's ISP.
- Gramm-Leach-Bliley Act: The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.