The ITaP IT Networks and Security (ITNS) group facilitates the development of University information technology security policies and consults on information technology security compliance activities under federal, state, and local law.
ITNS works with the University Security Officers’ Working Group and other pertinent stakeholders to develop University-wide IT policies, standards, guidelines, and procedures. The policy development process was created in order to ensure that information technology security policies are reviewed thoroughly by representative stakeholders prior to signature by Purdue University’s president. Information technology security policies are reviewed, at a minimum, by the University Security Officers’ Working Group, the IT Executive Steering Committee, the Vice President for Information Technology, the Executive Vice President and Treasurer, the Provost, the University President, and University Legal Counsel.
For more information about the information technology security policy development process at Purdue, visit: http://www.purdue.edu/securepurdue/bestPractices/draftITPolicies.cfm
For the most part, University information technology security policies set forth a minimum expectation for secure computing practices at the University. Departments and academic units are always free to create additional policies for their particular areas, provided that those policies meet at least the minimum expectations set by University policy. In most instances, departmental and academic unit information technology security policies are more restrictive than University information technology security policies.
In the event of a conflict between University and departmental information technology security policies, University information technology security policy must be followed (unless an exception has been granted). However, if University and departmental policies do not conflict, but one is considered more limiting than the other, the stricter policy (which is usually the departmental policy) will control.
Purdue University information technology security policies, standards, guidelines, and procedures institute controls that are used to protect University data and IT Resources. While every exception to a policy or standard weakens protection for University IT Resources and underlying data, exceptions may still exist. Centralized and departmental IT units and IT Resource owners who are responsible for ensuring appropriate enforcement of University information technology security policies and related standards on University IT Resources must follow the security exception procedure when requesting an exception to Purdue University information technology security policies.
The security exception procedure can be found at: http://www.purdue.edu/securepurdue/bestPractices/deviationProcedure.cfm
To suggest an information technology security policy for consideration, please send email to securepurdue@purdue.edu