Skip to main content

Search this Site

DartPulse Alerts

VPN Upgrade

"HeartBleed" Website Security

Java Upgrade

Windows XP Alert

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with Computing

facebook twitter Wordpress Blog

Dartmouth Information Security Policy

The goal of Dartmouth's Information Security Policy is to protect the institution's confidential information. Faculty and staff have key roles safeguarding critical information by implementing information security policies, standards, and controls. To this end, Dartmouth has adopted a comprehensive security policy for the processing, sharing, and storage of information, including electronic, paper, and other media. This policy is embodied in Dartmouth's Information Security Objectives, a matrix of risk-based security controls.

All Dartmouth offices and employees (faculty and staff) must comply with institutional information security policy, and apply the standards and controls that are applicable to the Dartmouth information they manage and use. Students, alumni, and others who have access to Dartmouth confidential information must also comply with this policy. Applicability is determined by the nature of the information, the risks of unauthorized disclosure or corruption of the information, and relevant regulatory requirements. Personally owned information is not subject to this policy.

Most of the security controls are already in place, or easily implemented. However, in certain circumstances, some security requirements may be difficult to configure, and the Chief Information Security Officer (CISO) will work with concerned parties to implement the security controls within a two-year period (by July 1, 2014). Waivers from compliance with certain security controls may be requested via application to DISC (the Dartmouth Information Security Committee) through the CISO. All new IT systems must comply with the security policy and meet its standards and controls upon implementation.

Guidelines for Dartmouth Community and the DISC Information Information Security Control Objectives (DISC Policy)

 

Information Security Representatives should use information security control objectives for ISRs.

IT Staff should use security control objectives: (excel) (pdf)

Students, faculty, and staff should review security guides.

Vendor Self-Assessment Checklist (excel)

Last Updated: 3/28/14