It is essential that all aspects of the Information Security Program be followed at all times. The purpose of this policy is to outline the auditing procedures that will be used to ensure compliance.
This policy is designed to lay out the framework that governs the regular auditing of the Information Security Program.
This policy applies to any University official.
To ensure compliance with the requirements set forth as part of this program, regular audits must be performed. Audit checklists have been developed (Appendices D through I) that must be completed on the following schedule:
Servers Quarterly, or after a significant upgrade or migration
Network Equipment Quarterly, or after a significant upgrade or migration
Physical Access Quarterly
Account Deactivation Semi-Annually (to coincide with the fall and spring semesters)
It is essential that the Information Security Program be regularly reviewed and updated as necessary. This review shall occur annually and shall be performed by the Security Engineer, the Manager of Network Operations and the Director of Network Services. Any changes, additions or deletions from the program that arise from this annual review, shall be performed with unnecessary delay.
Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including a formal written letter of corrective action.
6.0 Revision History
Draft Policy – 19 April 2005 – jfiske
Draft Policy – 5 May 2005 – jfiske
Draft Policy – 10 February 2006 – jfiske
Draft Policy – 10 April 2006 – jfiske
Approved Policy v1.0 – 4 November 2013 – jfiske