Policies, Standards, Guides and Regulations
Each type of document listed below has a different target audience within UTC: those who support the organization (management team), the business process (operations) and the information systems (technical team). Collectively, the documents represent the University of Tennessee's Information Security Risk Management Framework.
All users of UTC's information technology resources must read, understand and follow the Rules of Behavior and Acceptable Use Policy.
Standards support University policy and consist of campus-recommended practices. They also serve as campus policy when no UT policy is in place. Standards expand on policy and may fill in the gaps to clarify UTC's Information Technology security stance. The following are links to UTC-specific standards.
- Acceptable Use
- Information and Computer System Classification
- Secure Network
- Security Incident Response and Reporting
- Security Awareness, Training and Education
- Risk Assessment
- Configuration Management
- Audit and Accountability
- Contingency Planning
- Physical and Environmental Protection
- Personnel Security
- Security Assessment and Authorization
- Identification and Authentication
- System and Communication Protection
- System and Information Integrity
The following are links to available UTC-specific Standards for UT policies that are planned, under review but not yet approved.
The following are links to available UTC-specific Guides.
- Gramm-Leach-Bliley Act Standard
- Identity Theft Prevention Program Guide
- Guidelines for Handling Paper-based University Data
Higher Education Opportunity Act of 2008, Peer-to-Peer File-Sharing. This requires an annual disclosure letter to students describing copyright laws, policies and sanctions; a plan to "effectively combat" copyright abuse; and an agreement to offer legal alternatives for downloading copyrighted works.
- The U.S. Department of Education (search Peer-to-Peer File Sharing)
- Copyright, Infringement, Peer-to-Peer and File Sharing
- File Sharing Awareness
Family Educational Rights and Privacy Act (FERPA). FERPA (20 U.S.C. § 1232g; 34 CFR Part 99), also known as the “Buckley Amendment,” affords students certain rights with respect to their education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
- UTC Institutional Review Board HIPAA
- UTHSC HIPAA Information
- UTHSC HIPAA Notice of Privacy Practice
- UTHSC Clinical Practices Compliance
- Senate Bill No. 3974, an act to amend Tennessee Code Annotated, Title 49, Chapter 7 relative to copyright infringement.
- Tennessee Code Annotated, Title 47, Chapter 18, Part 21 relative to release of Personal Consumer Information.