Policies and Standards
- Polices are the high-level statements of management intent, expectations and direction
- Standards are the metrics, allowable boundaries or the process used to determine whether procedures meet policy requirements
The following are the policies and standards upheld by Boston University:
Information Security Policy The policy governing the use, protection, and preservation of computer-based information at the University.
Conditions of Use and Policy on Computing Ethics Conditions of use for all users of the University’s computing facilities & policies for exercising responsible, ethical behavior when using the University’s computing facilities
Social Media Guidelines These Guidelines are addressed to employees who use social media as part of their jobs to promote their schools, programs, and departments.and also include general considerations for social media use that should be important to everyone
Data Protection Standards The standards for data protection are intended to help the University more easily meet the legal, regulatory and best practice requirements that apply to our environment
Personal Information Protection Program From the Office of the Executive Vice President, this program describes specific steps members of the University community should take to safeguard personal information. See the Personal Information Protection page for more information
BU’s Copyright Violation Notification Process It is illegal and a violation of Boston University policy to download or upload copyrighted materials unless you have permission from the copyright holder or one of the limited exceptions under the U.S. Copyright Act applies (e.g., fair use). It is copyright infringement.
BU Google Apps Acceptable Use and Data Security Policy for using BU Google Apps to ensure compliance of your school, department or unit requirements established regarding email and data storage
BU Google Drive Security Guide for using the BU version of Google Drive to ensure secure storage of confidential information, including FERPA Data
BU InfoSec Guideline -Security Hardening of iOS (iPad & iPhone) In order to provide the proper protection of information, these devices must be properly configured. This document provides the steps require to properly secure an iPad or iPhone.
BU Health Insurance Portability and Accountability Act (HIPAA) Security Policies Policies related to the use and storage of electronic Protected Health Information (ePHI) at Boston University. Text of Law
BU Family Educational Rights and Privacy Act (FERPA) This is the Federal law that protects the privacy of a student’s education records. In compliance with FERPA, Boston University does not disclose personally identifiable information contained in student education records, except as authorized by law. Text of Law
BU Gramm-Leach-Bliley Act Safeguarding Program (GLBA) The GLB Act requires companies to give consumers privacy notices that explain the institutions’ information-sharing practices. In turn, consumers have the right to limit some – but not all – sharing of their information. Text of Law
Policy Violation Notification Procedure Procedure for violations of Information Security Policy or Non-Disclosure Agreement