IT Policy is derived from authorities provided to the Chief Information Officer via the University of Iowa Operations Manual. IT policies inform the community as to their roles and responsibilities, as well as enforcement mechanisms for non-conformance with these expectations.  Policies are managed via the Enterprise IT Policy Development and Approval Process.

IT Standards describe technical requirements for conformance with policies; they may describe specific configurations, timelines, or processes to meet these requirements.

IT Guidelines describe best practices for an area that is not yet covered by IT Policies & Standards. As guidelines are communicated to and implemented by the community, they may evolve into policy & standards over time.

Compliance describes how the institution addresses regulatory or industry-standard control requirements. These are normally formulated as Security Management Plans.

Requests for an exception to IT Policies & Standards can be submitted via the webform link here: Request a security exception


References to the Operational Manual and relevant business policies are linked below.


Report a Security Incident

Device compromises or the disclosure of sensitive and or personal information must be reported to the Information Security and Policy Office.