Policies and procedures
Policy Office updated a variety of policies and procedures
ITS transformed a Help document into a formal Onyen policy that is all-around better and clearer. The Policy Office worked with IT Project Analyst/Manager Candace Reynolds, who managed the project and launched the student Onyen decommissioning in October 2015.
ITS revised and updated the Transmission of Protected Health Information and Sensitive Information policy. This enabled ITS to also create a new Standard to ease future rollouts of encryption changes and other processes. ITS also revised the Network Appropriate Use Policy to be a general appropriate use policy.
In a major internal project, the ITS Policy Office created a new procedure for the release of affiliate data. The procedure improved standardization and made day-to-day decisions easier, enabling ITS to more consistently protect information. ITS User Support & Engagement produce standard request forms on help.unc.edu to support the procedure. This makes processes easier and more efficient for ITS customers.
Perhaps the most important new documents the ITS Policy Office created this past year are the updated Vulnerability Management Policy and its new Standard, the new Information Security Controls Standard and the new Information Classification Standard. These documents supersede large parts of the Information Security Policy, vastly update requirements that affect every member of the Carolina community and fill gaps identified by risk assessments and state requirements. Campus representatives spent several months working with ITS on these documents to produce workable, readable and effective controls.