Policies, Guides, Plans & Procedures
Each type of document listed below has a different target audience within UTC; specifically, those who support the organization (management team), the business process (operations), and the information systems (technical team). Collectively the documents represent the University of Tennessee's Information Security Risk Management Framework.
All users of UTC's information technology resources must read, understand and follow the Rules of Behavior and Acceptable Use Policy.
Additional policies that establish University best practices for using information technology can be found at http://policy.tennessee.edu/it_policy/
Guides support University policy and standards, consist of recommended practices, and serve as a reference when no applicable policy is in place. Guides are not mandatory requirements; however, they do expand on policy and may fill in the gaps to clarify UTC's security stance where no specific standard applies.
The following UTC-specific IT Security guides align with approved UT policy (or UT policy being developed):
- Audit and Accountability Guide
- Configuration Management Guide
- Contingency Planning Guide
- Physical & Environmental Protection Guide
- Risk and Vulnerability Management Guide
- Secure Network Infrastructure Guide
- Security Plan Creation Guide
- System Maintenance Guide
- System & Services Acquisition
- Data Storage Guide
The following plans provide more detailed guidance for employees in response to specific threats or events:
While policies consist of a set of controls for security best practices at UTC, a procedure specifies how to implement these controls in a step-by-step fashion. Information System owners are responsible for ensuring their department procedures are documented, reviewed annually, updated, and available to all department personnel.
Standards ensure consistency across the University of Tennessee campuses and institutes and consist of specific controls that help enforce and support the various information security policies. UT draws from the National Institute of Standards and Technology (NIST) Computer Security Special Publications 800 Series. For more information please visit: