Information Security Program and IT Related Policies

The University continually develops, maintains and improves its information technology (IT) infrastructure and applications to support the creation, storage, modification and sharing of data. These IT systems are essential to the efficient and effective operation of the University. The University, therefore, has a responsibility to institute appropriate safeguards to keep its IT systems and information assets secure. In addition, the University must comply with various regulatory requirements that are also designed to keep certain types of data secure and confidential.

The security of IT systems and information assets is dependent on the individuals managing as well as the individuals utilizing such resources. The University is committed to supporting the principles of academic freedom and the free exchange of ideas and the University's information security policies and programs are intended to support those principles while still maintaining an appropriate level of security.

  • Protect the University's IT systems and information assets from unauthorized access, alteration, disclosure or destruction.
  • Ensure the reliability and availability of the University's IT systems and information assets.
  • Ensure the privacy of faculty, staff and student information and that of other University customers or associates.
  • Identify and prevent identity theft.
  • Protect the reputation of the University and ensure compliance with federal and state laws and regulations.
  • Establish resources and guidelines that allow all individuals within the University community to practice good data stewardship.

  • Policies – reviewed and approved through the Information Security Advisory Committee  and the University-Wide Policy Development Process
  • Standards, guidelines, and procedures which support and carry out the related Policies – reviewed and approved by the Information Security Advisory Committee
  • Awareness & Communication – ensuring the policies and related standards, guidelines, and procedures are adequately shared and communicated to the University community.

Acceptable Use Policy
Cellular Telephones Policy
Computer Software Policy
Computer Software Copying and Use Policy
Connecting Devices to the UAB Voice, Data and Video Network Policy
Digital Mass Communications and Content Policy
HIPAA Standards
Information Disclosure and Confidentiality Policy
Portable Computing Device Security - Laptop Standard
UAB Data Protection and Security Policy
UAB Password/Passphrase Standard
UAB IT Security Practices
UAB/UAB Health System Security Handbook
You and UAB (Handbook for Administrative, Professional and Support Personnel)
Policy Violations

BlazerID Applications Registration Form
Exception Request Form