Information Technology Policies

IT0110 – Acceptable Use of Information Technology Resources

This document establishes policy for the acceptable use of information technology resources at the University of Tennessee. The University community is based on principles of honesty, academic integrity, respect for others, and respect for others’ privacy and property; thus, The University seeks to:
1.Protect the confidentiality and integrity of electronic information and privacy of its users, to the extent required or allowed under federal and state law, including the Tennessee Open Records Act;
2.Ensure that the use of electronic communications complies with the provisions of University policy and state and federal law; and
3.Allow for the free exchange of ideas and support of academic freedom.

Full Policy >

IT0115 – Information and Computer System Classification

To establish policy for information and computer system classification.

Full Policy >

IT0120 – Secure Network Infrastructure

The University of Tennessee must protect its network infrastructure to accomplish its mission of teaching, learning, research, and public service. This policy provides the basis for the creation and maintenance of a secure network infrastructure.

Full Policy >

IT0121 – Information Security Plan Creation, Implementation, and Maintenance

To establish policy for developing and maintaining an information security program at The University of Tennessee.

Full Policy >

IT0122 – Security Incident Reporting and Response

To establish policy for computer Security Incident identification, reporting, and response.

Full Policy >

IT0123 – Security Awareness, Training, and Education

To establish policy for maintaining the security skills of the University’s Workforce.

Full Policy >

IT0124 – Risk Assessment

To establish policy for developing and maintaining a Risk Assessment program to ensure compliance with minimally acceptable system configuration requirements.

Full Policy >

IT0125 – Configuration Management

To establish policy for a security-focused Configuration Management program to ensure compliance with minimally acceptable system configuration requirements.

Full Policy >

IT0126 – Accessibility 

The University of Tennessee (UT) strives to deploy information, materials, and technology that have been designed, developed, or procured to be accessible to individuals with disabilities, including those who use assistive technologies.

Full Policy >

IT0127 – Audit and Accountability

To establish an Audit and Accountability Policy for managing risk and implementing best practices with regard to the creation and the retention of audit evidence.

Full Policy >

IT0128 – Contingency Planning

To establish a Contingency Planning Policy for managing the risk of information asset failures and service disruptions though the establishment of an effective contingency planning program. The contingency planning program helps the University implement security best practices with regard to business continuity and disaster recovery.

Full Policy >

IT0129 – Physical and Environmental Protection

To establish a Physical and Environmental Protection Policy for implementing best practices with regard to the protection of facilities where information systems reside.

Full Policy >

IT0130 – Personnel Security

To establish policy for developing and maintaining a Personnel Security program to ensure compliance with minimally acceptable University requirements.

Full Policy >

IT0131 – Security Assessment and Authorization

To establish policy for developing and maintaining an information security assessment and authorization policy.

Full Policy >

IT0132 – Identification and Authentication

To establish a policy for managing risks from user access and authentication into the University’s critical information systems and provide the minimum requirements for the control of that risk.

Full Policy >

IT0133 – Security Planning

To establish a policy for security planning and provide the minimum requirements for plan creation, implementation, and maintenance.

Full Policy >

IT0134 – System and Communication Protection

To establish policy for developing and maintaining a Systems and Communication Protection program to ensure compliance with minimally acceptable requirements.

Full Policy >

IT0135 – System and Information Integrity

To establish policy for developing and maintaining a Systems & Information Integrity program to ensure compliance with minimally acceptable system configuration requirements.

Full Policy >