policy policy sanction modified Thu Mar 11 2021 11:17:32 GMT-0500 (Eastern Standard Time)
University of Louisville
July 23, 2007
REASON FOR POLICY
Sanctions are a requirement of many information security laws and regulations. Sanctions also encourage following the policies, standards and procedures promulgated to help the university maintain the confidentiality, integrity and availability of the university's information and computing infrastructure.
The University of Louisville requires that users of university computing infrastructure, devices or data comply with all applicable laws, regulations, statutes and university policies relating to information security and information technology. The University must be prepared to respond fairly and appropriately (1) to violations of law, regulation or university policy relating to information security, (2) when questionable or unacceptable computing practices occur, or (3) where there is non-compliance with information security policy requirements or with reasonable requests for action or cooperation necessary to implement the university's information security policies. Lack of compliance will result in sanctions or other appropriate action.
Users - Includes students, faculty, staff, administrators and other employees of the University of Louisville and its affiliated entities and any other individual having a computer account, email address or utilizing the computer, network or other information technology services of the University of Louisville.
Policy Authority/Enforcement: The University's Information Security Officer (ISO) is responsible for the development, publication, modification and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.
Policy Compliance: Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.
Vice President for Risk, Audit, and Compliance
RESPONSIBLE UNIVERSITY DEPARTMENT/DIVISION
Information Security Office
This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.
This policy will be reviewed annually to determine if the policy addresses University risk exposure and is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed per the Policy Management process.
Approved July 23, 2007 by the Compliance Oversight Council
Shirley C Willihnganz, Executive Vice President and University Provost, Chair of the Compliance Oversight Council
1.0 / July 23, 2007 / Original Publication
1.1 / June 21, 2011 / Acronym Update
1.2 / January 29, 2013 / Content Update
1.3 / December 10, 2015 / Content review, removal of “Data Center” team reference in ULCIRT2.0 / March 8, 2016 / Review content and update to template format, reference HR Disciplinary Policy
2.0/ July 25, 2018/ Grammar and punctuation updates
Reviewed Date(s): September 29, 2014; March 8, 2016; June 12, 2017, July 25, 2018
The University Policy and Procedure Library is updated regularly. In order to ensure a printed copy of this document is current, please access it online at http://louisville.edu/policies.