Policies, Standards, Guides and Regulations

Each type of document listed below has a different target audience within UTC; specifically those who support the organization (management team), the business process (operations) and the information systems (technical team). Collectively the documents represent the University of Tennessee's Information Security Risk Management Framework.

Policies

All users of UTC's information technology resources must read, understand and follow the Rules of Behavior and Acceptable Use Policy.

Read the UT policies that establish University best practices for using information technology →

UTC Standards

Standards support University policy and consist of campus-recommended practices. They also serve as campus policy when no UT policy is in place. Standards expand on policy and may fill in the gaps to clarify UTC's Information Technology security stance. The following are links to UTC-specific standards.

• Acceptable Use
• Accessibility
• Audit and Accountability
• Configuration Management
• Contingency Planning
• Identification and Authentication
• Information and Computer System Classification
• Personnel Security
• Physical and Environmental Protection
• Risk Assessment
• Secure Network
• Security Assessment and Authorization
• Security Awareness, Training, and Education
• Security Incident Response and Reporting
• System and Communication Protection
• System and Information Integrity

The following are links to UTC-specific Standards for UT policies that are planned, under review but not yet approved.

• Access Controls
• Media Protection
• System and Services Acquisition

Guides

The following are links to available UTC-specific Guides.

• Gramm-Leach-Bliley Act Standard
• Identity Theft Prevention Program Guide
• Guidelines for Handling Paper-based University Data

Regulations

Federal Regulations

Higher Education Opportunity Act of 2008, Peer-to-Peer File-Sharing. This requires an annual disclosure letter to students describing copyright laws, policies and sanctions; a plan to "effectively combat" copyright abuse; an agreement to offer legal alternatives for downloading copyrighted works.

Resources

• The U.S. Department of Education (search Peer-to-Peer File Sharing)

UT/UTC

• Copyright, Infringement, Peer-to-Peer and File Sharing
• File Sharing Awareness

Family Education Rights and Privacy Act (FERPA)

FERPA (20 U.S.C. § 1232g; 34 CFR Part 99), also known as the “Buckley Amendment,” affords students certain rights with respect to their education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

Resources

• The U.S. Department of Education

UT/UTC

• UTC Records Office FERPA
• UTK FERPA

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

Resources

• Department of HHS HIPAA
• HHS Final Rule dated 1/25/2013

UT/UTC

• UTC Institutional Review Board HIPAA
• UTHSC HIPAA Information
• UTHSC HIPAA Notice of Privacy Practice
• UTHSC Clinical Practices Compliance

State Regulations

File Sharing

Senate Bill NO. 3974, an act to amend Tennessee Code Annotated, Title 49, Chapter 7 relative to copyright infringement.

Privacy Information

Tennessee Code Annotated, Title 47, Chapter 18, Part 21 relative to release of Personal Consumer Information.

University

Acceptable Use Policy

• UTC Summary
• Full Text

Code of Conduct Link