Policy and Guidance

• Information Security Policies are found on the University Policy Information Technology Webpage.

• All other Information Security Governance documentation can be found on the Information Security Confluence Space.

  • NOTE: TO ACCESS THIS CONTENT, YOU WILL NEED TO LOGIN WITH YOUR UA NETID AND PASSWORD. YOU WILL ALSO NEED TO EITHER BE ON THE UNIVERSITY CAMPUS OR LOGGED INTO THE UA VPN. 

• Need help understanding ISO Governance?  Click on this link to request a consult with a member of the ISO-GRC team.

Regulatory Reference

• Arizona Board of Regents Policy 9-201 (General Policy)
• Arizona Board of Regents Policy 9-202 (University Responsibilities) 
• Arizona Revised Statutes Section 15-1823 (Identification numbers; social security numbers)
• Arizona Revised Statutes 44-1373 (Restricted use of personal identifying information; civil penalty)
• Arizona Revised Statutes Section 18-552 (Notification of breach of security system) (Definitions ARS 18-551)
• Health Insurance Portability and Accountability Act 45 CFR Parts 160,162, and 164 (HIPAA)
• Family Educational Rights and Privacy Act 34 CFR Part 99 (FERPA)
• PCI Security Standards Council

University Compliance Information

• Research Gateway Compliance
• European Union General Data Protection Regulation (GDPR) Compliance
  • GDPR and What It Means To You
  • GDPR FAQs
• Export Control Program
• HIPAA Privacy Program
• Human Subjects Protection Program
• PCI DSS Program