Policies, Standards, Guides and Regulations
Each type of document listed below has a different target audience within UTC; specifically, those who support the organization (management team), the business process (operations) and the information systems (technical team). Collectively the documents represent the University of Tennessee's Information Security Risk Management Framework.
All users of UTC's information technology resources must read, understand and follow the Rules of Behavior and Acceptable Use Policy.
Standards support University policy and consist of campus-recommended practices. They also serve as campus policy when no UT policy is in place. Standards expand on policy and may fill in the gaps to clarify UTC's Information Technology security stance . The following are links to UTC-specific standards.
- Acceptable Use
- Information & Computer System Classification
- Secure Network
- Security Incident Response & Reporting
- Security Awareness, Training & Education
- Risk Assessment
- Configuration Management
- Audit and Accountability
- Contingency Planning
- Physical & Environmental Protection
- Personnel Security
- Security Assessment & Authorization
- Identification & Authentication
- System & Communication Protection
- System & Information Integrity
The following are links to available UTC-specific Standards for UT policies that are planned, under review, but not yet approved.
The following are links to available UTC-specific Guides.
Higher Education Opportunity Act of 2008, Peer-to-Peer File-Sharing. The HEOA P2P Provisions require an annual disclosure letter to students describing copyright laws, policies, and sanctions; a plan to "effectively combat" copyright abuse; and an agreement to offer legal alternatives for downloading copyrighted works.
- The U.S. Department of Education (search Peer-to-Peer File Sharing)
Family Education Rights & Privacy Act (FERPA). The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), also known as the “Buckley Amendment,” affords students certain rights with respect to their education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Health Insurance Portability & Accountability Act of 1996 (HIPAA). The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
- File Sharing
- Senate Bill NO. 3974, AN ACT to amend Tennessee Code Annotated, Title 49, Chapter 7, relative to copyright infringement.
- Privacy information
- Tennessee Code Annotated, Title 47, Chapter 18, Part 21, relative to release of Personal Consumer Information.