• I. Overview
• II. Policy Statement
• III. Rationale
• IV. Audience
• V. Procedures
  • 1. Information Resources Security Responsibility and Accountability
  • 2. Acceptable Use
  • 3. Account Management
  • 4. Administrative/Special Access
  • 5. Backup Recovery of Systems and Data
  • 6. Change Management
  • 7. Computer Virus Protection
  • 8. Classification of Sensitive (Category-I) Digital Data
  • 9. Risk Management
  • 10. Reduction of Use and Collection of Social Security Numbers
  • 11. Management of Sensitive Digital Data
  • 12. Electronic Mail (E-mail)
  • 13. Incident Management
  • 14. Internet Use
  • 15. Information Services Privacy
  • 16. Network Access
  • 17. Network Configuration
  • 18. Passwords
  • 19. Physical Access
  • 20. Portable Computing and Remote Access
  • 21. Security Monitoring
  • 22. Security Training
  • 23. System Hardening
  • 24. Software Licensing
  • 25. Secure Development and Administration
  • 26. Vendor Access
  • 27. Right to Monitor
  • 28. Disciplinary Actions
• VI. Implementation
• VII. Appendix
• VIII. Definitions

Information Resources Use and Security Policy

15. Information Services Privacy

Electronic files and data created, sent, received, or stored on computers and other Information Resources owned, leased, administered, or otherwise under the custody and control of the university are not private unless expressly stated by Regent's Rules. They may be accessed as needed for the purpose of system administration and maintenance, for resolution of technical problems, for compliance with the Texas Public Information Act, for compliance with federal and state subpoenas, court orders, or other written authorizations, to conduct the business of the university, and to perform audits.