IT Policies
Policies
Standards
Procedures
Guidelines
Drafts
The Office of Computing and Communication Services (OCCS) assists in the development, formulation and distribution of information technology policies.
The Information Technology Advisory Committee (ITAC) is a body appointed by the University representing various campus constituencies. ITAC is charged with the review of draft policies and standards and assists OCCS with the vetting of these proposals.
Policy and Standards Development
By establishing specific requirements for all members of the university community, policies and standards connect the university's mission to individual conduct, institutionalize impartial expectations, support compliance with laws and regulation, mitigate institutional risk, and enhance productivity and efficiency in the university's operations.
A full compilation of established and draft policies and standards is being assembled for viewing on this site in the near future.
For background or information on theses policies, or to provide feedback on drafts, please contact Rusty Waterfield, Assistant Vice President for Computing and Communication Services at rwater@odu.edu.
Policies
3500 - Policy on the Use of Computing Resources.pdf
3501 - IT Access Control Policy.pdf
3502 - IT Operations Management Policy.pdf
3503 - IT Regulatory Compliance Policy.pdf
3504 - Data Classification Policy.pdf
3505 - IT Security Policy.pdf
3506 - Electronic Messaging Policy for Official University Communication.pdf
BOV 1626 Information Technology Management.pdf
Standards
General
01.1 - Tech Development Standard 2006.pdf01.2 - Student Email Standard 2006.pdf
01.3 - Workplace Device Information Standard 2006.pdf
01.4 - Disciplinary Action Standard 2006.pdf
01.5.1 - Web Address Alias Standard 2006.pdf
01.5.2 - Web Maintenance Standard.pdf
01.5.3 - Web Development Standard 2006.pdf
01.6 - Interoperability.standard.2007.pdf
Risk Management
02.2.1 - Assignment of IT Security Roles 2007.pdf02.2.2 - IT Security Roles 2007.pdf
02.3.1 - Business Impact Analysis Standard 2007.pdf
02.4.1 - Data Classification Standard 2007.pdf
02.4.5 - Internet Privacy Standard 2006.pdf
02.5.2 - System Inventory Standard 2007.pdf
02.6.2 - Risk Assessment Standard 2007.pdf
02.7.2 - IT Security Audit Standard 2007.pdf
IT Contingency Planning
03.2.2 - Continuity of Operations Planning Standard 2008.pdf03.3.2 - Disaster Recovery - Business Continuity Plan Standard.pdf
03.4.2 - IT System and Data Backup and Restoration Standard.pdf
IT Systems Security
04.2.1 - Virus Protection Standard 2006.pdf04.3.1 - Desktop Management Standard 2007.pdf
04.3.2 - IT System Security Plan Standard 2007.pdf
04.3.3 - Server Management Standard 2007.pdf
04.3.4 - Network Management Standard 2006.pdf
04.4.1 - Wireless Network Standard 2006.pdf
04.6.2 - Project Management Standard 2006.pdf
Logical Access Control
05.2.2 - Account Management Standard 2007.pdf05.3.2 - Password Management Standard 2007.pdf
05.3.3 - MIDAS Management Standard 2006.pdf
05.4.1 - Remote Access Standard 2006.pdf
05.4.2 - Portable Computer Management Standard 2006.pdf
05.4.3 - Third Party Access Standard 2006.pdf
05.4.4 - Virtual Private Network Standard 2006.pdf
Data Protection
06.2.1 - Digital Media Standard 2006.pdf06.2.2 - Data Storage Media Protection Standard 2007.pdf
06.3.2 - Encryption Standard 2007.pdf
06.3.3 - E-Commerce Standard 2006.pdf
Facilities Security
07.2.1 - Facilities Security Standard 2007.pdf07.2.2 - Data Center Operations Standard 2007.pdf
07.2.2 - Print Management and Distribution 2007.pdf
Personnel Security
08.2.2 - Access Determination and Control Standard 2007.pdf08.2.3 - Payment Gateway Access Standard 2007.pdf
08.4.2 - Acceptable Use Standard 2007.pdf
08.4.3 - Residential Network Standard 2006.pdf
Threat Management
09.2.2 - Threat Detection Standard 2007.pdf09.3.2 - Security Monitoring and Logging Standard 2007.pdf
09.4.2 - IT Security Incident Handling Standard 2007.pdf
09.5.2 - Data Breach Notification Standard 2007.pdf
IT Systems Security
10.2.1 - IT Asset Control Standard 2007.pdf10.2.2 - Software License Standard 2007.pdf
10.2.3 - Service Level Agreements Standard 2006.pdf
10.4.1 - Change Management Standard 2006.pdf
Procedures
3.3.2.2 - Disaster Recovery Test Performance - Procedure.pdf
3.4.2.1 - Backup Tape Exchange Procedure 2008.pdf
3.4.2.2 - System Backups Restoration (Non - Db) Procedure.pdf
3.4.2.3 - Review of Backup Logs Procedure 2008.pdf
3.4.2.6 - Protection of Backup Media Sent Off-Site Procedure 2008.pdf
5.2.2 - Account Management Procedures.pdf
5.4.4 - ODU Campus VPN Access Procedure 2008.pdf
6.3.2.1 - Encryption Key Management Procedure.pdf
7.2.1 - Physical Access Control - Unauthorized Personnel - Procedure 2008.pdf
7.2.2 - Safeguards for Protection Against Environmental Risk - Procedure 2008.pdf
7.2.3 - Safeguard IT Systems and Data Not Residing in Primary Facility - Procedure.pdf
7.2.4 - Monitoring and Auditing Physical Access - Procedure 2007.pdf
7.2.5 - Effective Environmental Controls - Procedure 2007.pdf
7.2.6 - Controlled Access to Hardware and Facilities - Procedure 2007.pdf
9.3.2.2A - Network Monitoring Problem Escalation Procedure 2007.pdf
9.3.2.2B - nGenius Network Monitoring start up and monitoring procedure.pdf
OCCS Data Center - Disposal of Data Procedure 2007.pdf
OCCS Data Center - Off Campus Equipment Removal Procedure 2007.pdf
OCCS Physical Security Procedure.pdf
Guidelines
4.3.4.1 - Firewall Best Practices.pdf
4.3.4.2 - Router-Switch Best Practices.pdf
8.3.2 - IT Sec Awareness and Training Program - 2008.pdf
Drafts
DRAFT 4.5.2 - Malicious Code Protection Standard.doc
DRAFT Copy Central Distribution Procedure 2007.doc
DRAFT Copy Device Purchasing Standard 2007.doc
DRAFT ISDA Project Management Procedure.doc
Interoperability_standard_2007.doc