OF RECORD |
|
March 01, 2016, Volume 62, No. 25 |
Penn’s Computer Security Policy
The Network Policy Committee, IT Roundtable and the Vice President for ISC wish to call your attention to a recently approved revision to Penn’s Computer Security Policy. This is a revision to a policy first approved on March 8, 2010. The purpose of the policy is to protect the confidentiality, integrity and availability of University data, and to protect Penn’s computing and network infrastructure.
The revisions to the Computer Security Policy introduce two new requirements: where applicable, Penn-owned computers are to be managed using an endpoint management solution selected and supported at the School or Center level, and servers with confidential data must be part of a logging program. Details relating to the associated tools and scope of these requirements, as well as timeframes for implementation and the process for appeals, are all described in the updated policy.
The principal changes are in Statement of Policy sections VIII.1.5 and VIII.3.10, VI. Definitions, and Best Practices IX.15. Other updates and edits have been made throughout the policy and review of the entire policy is encouraged. Section XI, References, has been updated to reflect the draft policy changes and to provide current references for other parts of the policy.
Faculty and staff may wish to contact their Local Support Provider (https://www.isc.upenn.edu/get-it-help) for assistance in meeting the requirements of this policy.
For other questions related to this policy, contact the Network Policy Committee at network-policy@isc.upenn.edu
The full text of the policy can be found online at http://www.upenn.edu/computing/group/npc/approved/20100308-computersecurity.html
|