Vanderbilt University has developed information security policies and standards to protect university data and systems. These policies are applicable to the entire Vanderbilt community and should be revisited often to make sure that you are informed and aligned.
For a 1-page cheat sheet summary and a list of commonly asked questions, see the cheat sheet and FAQ page.
See the below table for a full listing of approved security policies and their associated standards. Note that each policy has an effective date listed in the Administrative Information section. The effective date is when full compliance is expected
|Policy Name||Key Topics||Associated Standard or Guideline Name||Key Topics|
|Appropriate Use of Technology Assets Policy|
|Disaster Recovery Policy|
|Identity and Access Management Policy|
|Incident Response Policy|
|Information Security Policy|
|Secure Configuration Management Policy|
|Secure IT Asset Management Policy|
|Security Logging and Monitoring Policy|
|Security Risk Management Policy|
|Vulnerability Management Policy|
The university recognizes that there may be unique/critical business needs or academic pursuits that cannot comply with a particular policy, thus necessitating the need for exceptions.
Click here to find out when a policy exception is needed and how to request one.
Not sure how to start?
Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.