The Catholic University of America

Information Security and Assurance Policy

Additional History

3/9/15: The policy was revised to clarify the definition of "Confidential Information," to include data classifications ("Internal Use," "Public," and "Restricted Use"), and to add sections addressing System Access Requirements and Responsibilities.  Language also was added addressing e-mail security, disposal of information and equipment, and off-campus computing.

10/4/11: Summary of changes

4/6/11: In section V, the second paragraph was changed to indicate a breach must be reported to the Assistant Director of Networks and Security (title change) instead of the Information Security Plan Coordinator or the Network Security Officer. This is due to current staffing in CPIT. For the same reason, a sentence was added that HIPAA breaches must be reported directly to the CIO.

6/14/07: Policy Reissued in New Format with New Title (Information Assurance)
Major Updates necessary due to changes in technology, and changes in industry standards (such as PCI compliance)

11/4/05: Policy was reformatted according to the standard template. No changes were made to the substance of this policy