Skip to Main Content

Policies, Standards, and Guidelines

Policies Last Revised
Policies on the Use of Computers
Outlines acceptable use of University computing and networking resources
Privacy Policy
Outlines the University’s position on protecting the privacy of personally identifiable sensitive information stored on University assets
Customer Information Security Program Policy and GLBA Policy
Outlines department/unit responsibilities as part of a program for safeguarding non-public "customer" data including financial data and Social Security Numbers
Data Access Policy
Outlines roles and responsibilities for granting access to sensitive and restricted institutional data.
Password Policy
Establishes the University’s position on the use, creation and management of passwords for University computing accounts


European Union General Data Protection Regulation Compliance Policy
The European Union General Data Protection Regulation (EU GDPR) imposes obligations on entities, like the University of Georgia, that collect or process personal data about people in the EU.



Standards Last Revised
Data Classification and Protection Standard
Baseline requirements for handling and protecting data based on the data’s classification
Minimum Security Standards for Sensitive Devices
Security requirements for servers, desktops, laptops, and mobile devices that store sensitive or restricted data
Minimum Security Standards for Networked Devices
Security requirements for devices that connect to the UGA network
Password Standard
Specific requirements for password construction and management
ArchPass Standard
Criteria for systems to be placed behind two-factor authentication
System Logging Security Standard for Restricted Data Devices
Logging standards requirements for devices that store or process restricted University data


Guidelines, Interpretations, and Commentary Last Revised
University Cybersecurity Program Plan 02/2020
EULAs and the Acceptable Use of University Computers 06/2012
Security and Privacy for Network Monitoring 08/2013
Classifying and Protecting the UGAID 12/2015
Security and Privacy for Email and Messaging Systems 06/2012
Information Security Requirements for Contractors and Faculty 06/2012
Records Retention and Redacting/Removing Sensitive Data 06/2012
Security Incident Management Responsibilities 06/2012
Recommendations for Business Continuity Planning and Disaster Recovery Planning 06/2012
Encryption Guidelines 05/2014
Domain Name Aliases 08/2001
Handling Sensitive Personally Identifiable Information 06/2015
Federated Identity Information 07/2015
High Bandwidth Consumption Systems 10/2015