Account and Email Address Policy | UIS

Describes the types of automatically created and sponsored accounts and email addresses.

See Account and Email Address Policy in the Helpdesk Knowledgebase.

Appropriate Use Policy for Information Technology | UIS

POL-UIS4518

All users of the Information Technology at Pacific University are required to follow this policy. Please ensure you understand the policies before using university technology. Questions or concerns should be directed to the Technology Helpdesk.

Tuesday, March 1, 2022

Biomedical Device Policy and Procedure | UIS

POL-UIS4504

Pacific University utilizes a variety of IT equipment to support patient care and communicate with healthcare information systems including desktop computers, servers, laptops, and biomedical devices. Biomedical devices typically measure physiological characteristics of patients and in some cases may not use or look like a traditional computer, yet they may store electronic protected healthcare information (ePHI).

Policy addresses security of devices/equipment while in use by Pacific workforce. Details encryption and physical safety measures as well as removal of PHI from devices.

PUNID required to review policy.

Tuesday, Jan. 29, 2019

Cell Phone Service Guidelines and Policy | UIS

Cellular telephones and cellular-based wireless communications devices can be an effective resource for campus employees in the performance of their job duties. For employees who spend considerable time outside of their assigned office area, or who must be accessible outside of scheduled or normal work hours, a cellular or mobile device can be a significant benefit. Based on job duties, certain employees may qualify to be provided a stipend to cover the business use of personal cell phones.

Cell Phone Stipend Agreement | UIS

This is the agreement and form to request a cell phone stipend for an employee.  For more information see the Cell Phone Service Guidelines and Policy.

Monday, June 29, 2015

Data Integrity Policy | UIS

POL-UIS4505

Pacific University has adopted this Data Integrity Policy and Procedure to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, including but not limited to FERPA, GLBA, HIPAA, PCI, and other regional or local applicable laws and requirements.

The policy establishes a standard to instruct and guide workforce members in the appropriate access, use, storage, and transmission of protected data. Policy requires audits of user access rights to protected data. The university will leverage appropriate security safeguards to support the integrity of Protected Data.

PUNID required to review policy.

Tuesday, Jan. 29, 2019

Facilities Access and Maintenance Control Policy and Procedures | UIS

POL-UIS4506

In support of the physical security safeguards described in NIST standards, Pacific University will implement policies and procedures to prevent unauthorized access to facilities and document the repairs and modifications to the physical components of a facility related to Protected Data security (for example, hardware, walls, doors and locks). This includes access to defined spaces as well as maintenance performed on equipment.

PUNID required to review policy.

Tuesday, Jan. 29, 2019

In-Library Computer/Internet Acceptable Use Policy

POL-LIB2603

The Pacific University Libraries seek to advance critical inquiry, collaborative learning, and knowledge creation through dynamic services, spaces, and collections. The Libraries’ enactment of this mission is guided by our core values, which prioritize providing opportunities to engage with diverse ideas, providing services that contribute to equitable access to information, and the use of inclusive approaches to delivering services.

Aligned with this mission and these values, the Libraries provide information technology resources — desktop and laptop computers configured to allow unfiltered access to subscribed and open Internet information resources — that are available both to Pacific University students, staff, and faculty and to external community patrons for use in Libraries facilities. The primary intended purpose of these resources is to support the teaching, learning, research, service, and administrative activities of the Pacific community; a secondary purpose is to support the personal information technology/resource needs of the Pacific community and the academic and personal needs of external community members.

Access to these information technology resources and to subscribed and open Internet resources is provided in compliance with the American Library Association’s (ALA) Library Bill of Rights and the ALA Access to Digital Resources and Services: An Interpretation of the Library Bill of Rights statement.

This Computer/Internet Use Policy is intended to elaborate on and extend the Pacific University Appropriate Use Policy for Information Technology policy; library computer users should refer to that policy as the primary source of parameters, rights, and restrictions on the use of information technology in Libraries facilities.

Tuesday, July 12, 2022

Information Security - Incident Security Response Policy and Procedures | UIS

POL-UIS4507

Information security related incidents impact Pacific University's (Pacific) security goals and may also harm its ability to conduct business. These incidents may be malicious in nature or accidental. Pacific has selected and implemented a set of safeguards, which are based on the result of risk assessments and information security standards. In the event of a security related incident, this policy addresses the methods for identifying, responding to and, when possible, preventing security incidents. The Incident Response Team includes the Information Security Officer, the Privacy Officer, the Director of Legal Affairs and may include other department directors as needed.

PUNID required to review this policy.

 

Tuesday, Jan. 29, 2019

Information Security Sanctions Policy | UIS

POL - UIS4508

This policy sets forth Pacific's approach to applying sanctions upon completion of investigations regarding misuse of Protected Data. Attempting to obtain or use, actually obtaining or using, or assisting others to obtain or use Protected Data, when unauthorized or improper, will result in counseling and/or disciplinary action up to and including termination.

Pacific University has adopted this Information Security Sanctions Policy to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, and other regional or local applicable laws and requirements.

Supplemental Document: FRM-UIS4508-1 Pacific University Sanctions Matrix

PUNID required to review this policy.

Tuesday, Jan. 29, 2019

Information Systems Access Control and Management Policy and Procedures | UIS

POL-UIS4510

Appropriate management of access to Protected Data is an important aspect of Pacific University's information security strategy. The policy outlines requirements and process for granting members of the workforce appropriate levels of access to electronic Protected Date based on study or work-related duties and responsibilities. Policy also outlines the documented process for granting authorization and access to Protected Data.

PUNID required to review policy.

Tuesday, Jan. 29, 2019

Information Systems Activity Review and Audit Policy and Procedures | UIS

POL-UIS4509

The goal of Information Systems Activity Review is to prevent, detect, contain, and correct security violations and threats to Protected Data such as unauthorized access to the information systems, suspicious data use, or tampering.

Designated workforce members in each college, school or department will review any unauthorized access to the information systems, suspicious data use or tampering. They will take appropriate action regarding potential system vulnerabilities, improve safeguards as needed, and work with the Pacific University Privacy Officer and/or the Information Security Officer on appropriate action items.

PUNID required to review policy.

Implementation Guidance Worksheet:
AA Legal Policies FRM-UIS4509-1 Healthcare System Activity Review and Audit Template 04-19

Tuesday, Jan. 29, 2019

Information Technology Standard - Encryption Policy

POL-COM4820

The purpose of this standard is to define approved methods for using encryption technology to ensure the integrity and confidentiality of electronic protected health information (ePHI) and other Pacific University confidential information while at rest and during transmission. This standard applies to all data that is considered Pacific University confidential information, including ePHI when it is at rest, being processed, or transmitted between information technology resources.

Data encryption technology and mechanisms exist to help ensure the confidentiality and integrity of data.  This standard is designed to help Pacific University’s UIS Department determine when it is necessary to utilize encryption, and what type and/or level of encryption to employ. Pacific University security standards for Encryption Technology are based upon industry standards, HIPAA, National Institute of Standards & Technologies (NIST) security guidelines, and existing Pacific University policies on Information Security.

PUNet ID required to review

Revised 2/8/2022

Monday, Dec. 1, 2014

Information Technology Standard - HIPAA File Storage in Box - Policy

POL-COM4819

The purpose of this standard is to define approved methods for using box.com to ensure the integrity and confidentiality of protected health information (PHI) and other Pacific University confidential information while at rest and during transmission. This standard applies to all data that is considered Pacific University confidential information, including PHI, and is being stored in Box, regardless of its storage duration.

Business and instructional needs may require the storage of PHI in the box.com file storage and sharing service (Box). Box provides tools to ensure that PHI remains private and secure. This standard is designed to provide guidelines to Box users who are storing, sharing or accessing PHI in Box, to make best use of those tools to ensure the integrity, privacy and security of that information.

PUNet ID required to review
Updated September 2023

Tuesday, Feb. 9, 2016

Information Technology Standard – Workstation Configuration Policy

POL-COM4821

This standard establishes a consistent set of minimum security measures required for computer workstations used within Pacific University. This standard also addresses standards for vendor and personally owned workstations when they are connected to Pacific University’s systems and networks.The elements of this standard include requirements for installation and configuration, access control, physical security, document storage, logging and monitoring, and change management. Pacific University security standards are based upon industry standards, HIPAA, National Institute of Standards & Technologies (NIST) security guidelines, and existing Pacific University policies on Information Security.

This standard applies to all Clinical workstation connected to the Pacific University network. All clinical workstations deployed run Windows and will be configured to policy requirements.

Updated 3-08-2022

PUNet ID required to review

Wednesday, Nov. 14, 2018

IT Guidelines and Policy for International Travel | UIS

POL - UIS4500

International travel significantly increases the risks of theft or loss of IT equipment and of malware infection that can compromise accounts.  This policy helps to manage these risks and thus manage the risk to university protected data and records. There are also potential legal issues surrounding traveling with encryption and this policy helps manage risk of legal action to the university or its employees.

Tuesday, May 15, 2018

Mobile Device Policy | UIS

POL-UIS4511

Workforce members of Pacific University are generally not issued smart phones or similar mobile devices, which have the ability to connect to the Pacific network and download data. To support mobile access for the workforce, Pacific has adopted a "bring your own device" (BYOD) approach, which permits workforce members to utilize personally owned devices to access Pacific email, calendar, contacts and other resources. This policy applies to both personally owned devices and Pacific-owned devices.

The use of personally owned mobile devices to access Pacific data remotely might inevitably lead to users storing Pacific data on their personally owned devices. While Pacific determines the financial and technical feasibility of implementing technical controls and mobile device security enhancements, the university has adopted the measures described in this policy to safeguard university Protected Data.

PUNID required to review policy.

Revised 2/8/2022

Tuesday, Jan. 29, 2019

Online Storage of Administrative Work Files

POL - UIS4519

Work files should be stored in places with appropriate controls that provide for business continuity.  When faculty and staff members store work files in areas not managed by their departments, there is a significant risk of the disruption of operations if the files become inaccessible because the employee is unavailable due to leave or ceases to be employed at the university.  UIS does not have a quick, efficient, or guaranteed way to retrieve files stored in non-managed areas and services, and any retrieval of files owned by an employee requires an exception to the employee privacy policy section of the Appropriate Use for Information Technology Policy.  Thus, this document establishes that supervisors have a right, and often a duty, to ask employees under their supervision to organize work files so that the supervisors have access to them, and that employees are expected to do so when asked.  Exceptions are provided for most types of academic files and personal copies of personal copies of performance evaluations.

Training opportunities will be provided leading up to the October 1, 2024 adherence date when enforcement of this policy will occur.
View the Knowledge Base article on this topic with helpful tips and instructions. 

Monday, July 15, 2024

Pacific University Password Policy | UIS

POL-UIS4501

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.

Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of Pacific University's entire university network.

Tuesday, Jan. 29, 2019

Pharos Print Credit Policy

POL-UIS4512

The purpose of this policy is to provide guidelines for use of printing credits for the Pharos stations located on Pacific University’s Forest Grove, Hillsboro, Eugene, and Woodburn campuses. This policy applies to all Pacific University students and employees.

University Information Services (UIS) deploys and maintains printing and copy stations to numerous locations at Pacific University campus locations where there are high concentrations of students. This system is primarily for student use. Employees should utilize printing resources provided by their departments or use the Service Center for larger quantities of copies but may use the Pharos printing system for small quantities when away from their departmental resources.  All employee Pharos printing charges will be billed to the employee’s department. Currently enrolled Pacific University students receive an annual printing credit, currently set at $60.00, for use of the Pharos printing system. The credit does not apply to sponsored student accounts or students who are not currently enrolled in classes.

PUN ID required to review policy.

Friday, April 19, 2019

Pages