Policies, Standards, Guides and Regulations
Each type of document listed below has a different target audience within UTC: those who support the organization (management team), the business process (operations) and the information systems (technical team). Collectively, the documents represent the University of Tennessee's Information Security Risk Management Framework.
Policies
All users of UTC's information technology resources must read, understand and follow the Rules of Behavior and Acceptable Use Policy.
Read the UT policies that establish University best practices for using information technology.
UTC Standards
Standards support University policy and consist of campus-recommended practices. They also serve as campus policy when no UT policy is in place. Standards expand on policy and may fill in the gaps to clarify UTC's Information Technology security stance. The following are links to UTC-specific standards.
- Acceptable Use
- Accessibility
- Audit and Accountability
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Information and Computer System Classification
- Personnel Security
- Physical and Environmental Protection
- Risk Assessment
- Secure Network
- Security Assessment and Authorization
- Security Awareness, Training, and Education
- Security Incident Response and Reporting
- System and Communication Protection
- System and Information Integrity
The following are links to UTC-specific Standards for UT policies that are planned, under review but not yet approved.
Guides
The following are links to available UTC-specific Guides.
Regulations
Federal Regulations
Higher Education Opportunity Act of 2008, Peer-to-Peer File-Sharing. This requires an annual disclosure letter to students describing copyright laws, policies and sanctions; a plan to "effectively combat" copyright abuse; and an agreement to offer legal alternatives for downloading copyrighted works.
Resources
- The U.S. Department of Education (search Peer-to-Peer File Sharing)
UT/UTC
Family Educational Rights and Privacy Act (FERPA)
FERPA (20 U.S.C. § 1232g; 34 CFR Part 99), also known as the “Buckley Amendment,” affords students certain rights with respect to their education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Resources
UT/UTC
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
Resources
UT/UTC
State Regulations
File Sharing
Senate Bill No. 3974, an act to amend Tennessee Code Annotated, Title 49, Chapter 7 relative to copyright infringement.
Privacy Information
Tennessee Code Annotated, Title 47, Chapter 18, Part 21 relative to release of Personal Consumer Information.