Columbia University IT Policies and Strategies
Columbia University maintains certain policies with regard to the use and security of its computer systems, networks and information resources.
All users of these facilities are required to adhere to these policies. These policies are meant to protect the University's computer systems, networks, data and other information resources.
Columbia University's IT Policies apply to the entire Columbia community, including faculty, staff, and students.
This summary table provides high-level information about the IT policies which are published in the Columbia University Policies Catalog.
| Policy Name | Policy description / purpose |
| --- | --- |
| Information Security Charter | Establishes the personnel responsibilities and functions within the Information Security Program and defines key terms and definitions used and referenced by the twelve IT policies |
| Acceptable Usage of Information Resources Policy | Provides guidance for the appropriate access and use of University information resources, proper conduct when using those resources and privacy expectations |
| Email Usage Policy | Provides guidance for: proper use of email, necessary actions for sending sensitive data via email and privacy expectations |
| Registration And Protection Of Endpoints Policy | Provides general protection requirements for desktop and laptop computers, mobile devices and any endpoints that contain University data. |
| Data Classification Policy | Classifies University information/data into four categories: Sensitive Data, Confidential Data, Internal Data, and Public Data |
| Social Security Number (SSN) Usage Policy | Provides guidance for SSN usage and how to eliminate unnecessary storage and use of SSNs as the primary identifier at the University, where possible |
| Electronic Data Security Breach Reporting and Response Policy | Establishes the responsibilities of the University Response Team (URT) for handling all aspects of a data breach incident and also provides an incident response checklist to triage the data breach |
| Sanitization And Disposal Of Information Resources Policy | Defines the requirements for appropriate data deletion and proper disposal methods to be used when discontinuing use of University devices |
| Network Protection Policy | Defines the requirements that all network, communications and telecommunications-related equipment and devices, including cabling, be installed and maintained by Columbia University's authorized network and technology support groups |
| Registration And Protection Of Systems Policy | Describes the requirements for the security controls that protect systems that process, transmit and/or store University data |
| Information Resource Access Control And Log Management Policy | Describes the process of establishing, documenting and reviewing appropriate access to Columbia University information resources |
| Information Security Risk Management Policy | Provides guidance for the information security risk management program process |
| Business Continuity And Disaster Recovery Policy | Defines acceptable methods for business continuity and disaster recovery planning for the University's business following the loss of systems that are critical to the operations of a business unit |
| External Hosting Policy | Describes the requirements for appropriate and approved use of externally hosted Columbia University Systems and/or Data. |
| Electronic Signature Policy | Establishes requirements for the use of electronic signatures in lieu of handwritten signatures in connection with official University activities, in order to ensure that electronic signatures are used consistently with the University's policies. |
- Data Classification Policy
- Sanitization and Disposal of Information Resources Policy
- Electronic Data Security Breach Reporting and Response Policy
- Social Security Numbers (SSN) Usage Policy
- Information Resource Access Control and Log Management
- Email Usage Policy
- External Hosting Policy
- Electronic Signature Policy
- E-Signature Committee Approved Use-Cases (2017-11-15)
Columbia University's IT Strategies
Developed in partnership with Columbia's localized IT groups to guide University-wide strategy.
- API Strategy: This API strategy for Columbia explains our motivation and approach to building an API ecosystem for the benefit of our faculty, students, staff, peers and others.
- Cloud Strategy: Explanation of why the use of cloud services is important to Columbia and how to benefit from them in a way that is optimal across the CU enterprise and comports with the University’s security and business requirements.
- People Data Model: A comprehensive and consolidated approach to standardize data types and enable effective sharing of information about Columbia University's people: students, faculty, staff, alumni, clients, patients, etc.