Policy and Guidance

The University Information Security Office is responsible for coordinating the development and dissemination of information security policies, standards, and guidelines for the University.

Information Security Policies are found on the University Policy Information Technology Webpage.
All other Information Security Governance documentation can be found on the Information Security Confluence Space (NetID and password required).
Need help understanding ISO Governance? Click on this link to request a consult with a member of the ISO-GRC team.

Regulatory Reference

Arizona Board of Regents Policy 9-201 (General Policy)
Arizona Board of Regents Policy 9-202 (University Responsibilities)
Arizona Revised Statutes Section 15-1823 (Identification numbers; social security numbers)
Arizona Revised Statutes 44-1373 (Restricted use of personal identifying information; civil penalty)
Arizona Revised Statutes Section 18-552 (Notification of breach of security system) (Definitions ARS 18-551)
Health Insurance Portability and Accountability Act 45 CFR Parts 160,162, and 164 (HIPAA)
Family Educational Rights and Privacy Act 34 CFR Part 99 (FERPA)
PCI Security Standards Council

University Compliance Information