Policies and Standards

The following policies and standards govern computer and network use at Wayne State University, as well as the use of WSU's information technology resources and services.

IT policies

IT processes

  • Change Management Process: Details the Change Management process policy and its procedures. Designed to facilitate the exchange of information internally between units of C&IT and externally between C&IT and the university community; to facilitate the stability of enterprise-wide systems by minimizing risk and disruptions, and to have a record of system changes that can assist in problem resolution.

Information security standards

  • Information security program: This document describes the Wayne State University Information Security Program. This program is a set of policies, procedures, and responsibilities for the protection of institutional data.
  • Strong Password Standard: Describes the minimum requirements for acceptable password composition and maintenance by all technology users at Wayne State.
  • Audit and accountabilityEstablishes the need for the university to maintain appropriate audit records and system logging functionality for university systems and applications.
  • Identification and authenticationEstablishes the need for the university to institute consistent controls for the identification of information system users, as well as the secure authentication of approved users.
  • Incident response: Establishes the need for the university to utilize standard and documented procedures for identifying, evaluating, and responding to reported data breaches and violations of IT security policy.
    • IT investigations: An IT Investigation is any request to access accounts, systems, logs, or any other information that is not normally accessible to the requesting person, and requires privileged access by a C&IT employee.
  • Personal devices accessing university resourcesEstablishes the need for the university to institute consistent controls for utilizing personal devices for accessing university resources while on campus and remotely.
  • Physical and environmental protectionEstablishes the need for university computing facilities that store or process University information to be physically secure.
  • Security awareness trainingEstablishes the need for the University to provide security awareness training to university constituents.
  • Vulnerability managementOutlines the standards by which C&IT discovers, classifies, and manages possible vulnerabilities at the university.

Information security guidelines

Compliance programs

  • Higher Education Opportunity Act (HEOA) Copyright Protection Plan: Details copyright law and unauthorized file sharing on campus networks.
  • GLBA information security program: Implementing regulation called the Safeguards Rule to develop, implement, and maintain a comprehensive written Information Security Program (ISP) to safeguard customer information in the university's care.
    • GLBA compliance guidance form: The Compliance Guidance Template must be completed and maintained on file by colleges and major administrative units that must comply with the university's ISP.
    • Gramm-Leach-Bliley ActThe Gramm-Leach-Bliley Act requires financial institutions companies that offer consumers financial products or services like loans, financial or investment advice, or insurance to explain their information-sharing practices to their customers and to safeguard sensitive data.