Get Help

Policies, Guides, Plans & Procedures

Each type of document listed below has a different target audience within UTC; specifically, those who support the organization (management team), the business process (operations), and the information systems (technical team).  Collectively the documents represent the University of Tennessee's Information Security Risk Management Framework.  


All users of UTC's information technology resources must read, understand and follow the Rules of Behavior and Acceptable Use Policy.

Additional policies that establish University best practices for using information technology can be found at  


Guides support University policy and standards, consist of recommended practices, and serve as a reference when no applicable policy is in place.  Guides are not mandatory requirements, however, they do expand on policy and may fill in the gaps to clarify UTC's security stance where no specific standard applies.  The following are links to UT policy and associated UTC-specific guides.  


DRAFT GUIDES.  The following are links to available UTC-specific Guides for UT policies that are planned,  under review, but not yet approved.


MISCELLANEOUS GUIDES.  The following are links to available UTC-specific Guides.


While policies consist of a set of controls for security best practices at UTC, a procedure specifies how to implement these controls in a step-by-step fashion.  Information System owners are responsible for ensuring their department procedures are documented, reviewed annually, updated, and available to all department personnel. 


Standards ensure consistency across the University’ of Tennessee campuses and institutes and consist of specific controls that help enforce and support the various information security policies.    UT draws from the National Institute of Standards and Technology (NIST) Computer Security Special Publications 800 Series.  For more information please visit: