Information Technology Regulation 514

Regulation 514 Approved: March 10, 2025
UNIVERSITY OF NORTH CAROLINA SCHOOL OF THE ARTS
Information Technology 
Regulation 514
Source of Authority: UNC System adoption of ISO/IEC 27002
ISO/IEC 27002:2013 8.2 Classification of Information
UNC System Policies 1400 Series on Information Technology
Revision Authority: Chancellor
History:

First Issued: March 10, 2025

Related Policies: Information Technology Security Regulation 512
Responsible Offices:

Office of Information Technology

Effective Date: March 10, 2025

1. Introduction

This Information Technology (IT) Regulation outlines the comprehensive approach for governing and managing IT resources, data security, compliance, and risk management at the University of North Carolina School of the Arts (UNCSA). It establishes the framework for ensuring the protection, privacy, and integrity of information systems, networks, and data, while adhering to applicable regulatory standards and best practices.
________________________________________

2. IT Governance and Oversight

Purpose: Ensure IT resources and services are aligned with the university’s goals and strategic objectives, while providing robust oversight of technology operations.

Related Standards:
• IT Governance and Risk Management Standard (UNCSA-ITG-001)
________________________________________

3. Data Protection and Security

Purpose: Safeguard sensitive data, including personally identifiable information (PII), protected health information (PHI), and financial records, from unauthorized access, misuse, or loss.

Key Requirements:
• Data must be classified, encrypted, and securely stored according to its sensitivity level.
• Data access must be limited to authorized users based on the principle of least privilege.

Related Standards:
• Data Classification and Handling Standard (UNCSA-DCH-002)
• Data Encryption Standard (UNCSA-DES-003)
________________________________________

4. Acceptable Use of IT Resources

Purpose: Define acceptable and unacceptable behaviors in the use of UNCSA’s IT resources.

Key Requirements:
• IT resources should only be used for academic, research, and administrative purposes.
• Prohibited activities include unauthorized access to systems, illegal content downloads, and misuse of university-owned devices.

Related Standards:
• Acceptable Use Policy (UNCSA-AUP-005)
________________________________________

5. Access Control and Identity Management

Purpose: Implement access controls to ensure only authorized users can access sensitive or critical systems and data.

Key Requirements:
• Authentication mechanisms, including multi-factor authentication (MFA), must be employed.
• Role-based access control (RBAC) should be enforced to limit user access to systems based on their job responsibilities.

Related Standards:
• Access Control Standard (UNCSA-ACS-007)
• Password Management and Authentication Standard (UNCSA-PMAS-008)
________________________________________

6. Network and System Security

Purpose: Ensure the protection of networks and systems from unauthorized access, attacks, and other security threats.

Key Requirements:
• Implement firewalls, intrusion detection/prevention systems (IDS/IPS), and secure communication protocols.
• Regular patching of systems is required to protect against known vulnerabilities.

Related Standards:
• System Configuration Standard (UNCSA-SCS-011)
• Network Security Standard (UNCSA-NSS-013)
________________________________________

7. Incident Response and Reporting

Purpose: Establish a clear framework for responding to and reporting security incidents to minimize damage and ensure compliance with regulatory requirements.

Key Requirements:
• A formal incident response plan must be in place, including clear steps for containment, investigation, and remediation.
• All suspected or confirmed security incidents must be reported to the IT Security Team promptly.

Related Standards:
• Incident Response Plan (UNCSA-IRP-013)
________________________________________

8. IT Compliance and Legal Requirements

Purpose: Ensure compliance with all relevant laws, regulations, and industry standards, including GLBA, PCI DSS, HIPAA, and other applicable requirements.

Key Requirements:
• Regular audits and assessments must be conducted to ensure compliance.
• Necessary training programs must be implemented to keep staff and students informed about compliance obligations.

Related Standards:
• Compliance and Legal Requirements Standard (UNCSA-CLRS-027)
________________________________________

9. Employee and Student Training and Awareness

Purpose: Foster a culture of security awareness and ensure that all employees and students understand their responsibilities related to IT security and compliance.

Key Requirements:
• Mandatory cybersecurity training programs for employees, students, and contractors.
• Annual refresher courses to keep everyone up to date on the latest security practices.

Related Standards:
• Security Awareness and Training Standard (UNCSA-SATS-014)
________________________________________

10. IT Policy Enforcement

Purpose: Ensure adherence to IT policies through monitoring, auditing, and enforcement mechanisms.

Key Requirements:
• Violations of IT policies will result in appropriate disciplinary actions.
• Regular audits and compliance checks will be conducted to ensure policy compliance.

Related Standards:
• IT Policy Enforcement Standard (UNCSA-IPES-015)
________________________________________

11. Policy Review and Updates

Purpose: Ensure that IT policies remain current, effective, and aligned with institutional goals and regulatory requirements.

Key Requirements:
• Policies must be reviewed annually and updated as needed based on changes in technology, regulatory landscape, or business needs.

Related Standards:
• Policy Review and Update Standard (UNCSA-PRUS-016)
________________________________________

12. Wireless Network Security

Purpose: Secure the university’s wireless networks from unauthorized access and cyber threats.

Key Requirements:
• Wireless networks must use strong encryption protocols (e.g., WPA3).
• Guest networks should be isolated from internal systems and networks.

Related Standards:
• Wireless Network Security Standard (UNCSA-WNS-021)
________________________________________

13. Capacity Planning

Purpose: Ensure IT systems have sufficient capacity to handle current and future demands.

Key Requirements:
• Regular assessments must be conducted to evaluate system capacity and performance.
• A proactive approach should be taken to forecast future resource needs.

Related Standards:
• Capacity Planning Standard (UNCSA-CP-017)
________________________________________

14. Risk Assessment

Purpose: Identify, assess, and mitigate risks to IT systems and data.

Key Requirements:
• Regular risk assessments must be conducted to identify vulnerabilities.
• Mitigation strategies should be implemented to address identified risks.

Related Standards:
• Risk Assessment Standard (UNCSA-RAS-018)
________________________________________

15. Sanitization and Secure Disposal of Technology Resources and Data

Purpose: Ensure that all technology resources and data are securely disposed of when they are no longer required.

Key Requirements:
• All data must be securely erased or destroyed before disposal.
• Technology resources must be sanitized to remove any residual data before disposal or repurposing.

Related Standards:
• Sanitation and Disposal Standard (UNCSA-SDS-019)
________________________________________

16. Secure Coding

Purpose: Ensure that all software development at UNCSA follows secure coding practices to minimize vulnerabilities.

Key Requirements:
• Developers must adhere to secure coding standards throughout the development lifecycle.
• Code must be regularly reviewed for security vulnerabilities.

Related Standards:
• Secure Coding Practices Standard (UNCSA-SCP-025)
________________________________________

17. Security Configurations

Purpose: Ensure systems and applications are securely configured to minimize vulnerabilities.

Key Requirements:
• Systems must be configured based on security best practices and hardened against attacks.
• Security patches must be applied regularly.

Related Standards:
• Security Configuration Management Standard (UNCSA-SCMS-026)
________________________________________

18. Vulnerability Management

Purpose: Regularly assess and address vulnerabilities in IT systems.

Key Requirements:
• Vulnerability scanning should be conducted on all systems, and identified vulnerabilities should be remediated promptly.
• Systems must be continuously monitored for potential security threats.

Related Standards:
• Vulnerability Management Standard (UNCSA-VMS-027)
________________________________________

19. Media Protection

Purpose: Ensure that physical and digital media containing sensitive information are protected.

Key Requirements:
• Sensitive data on physical media must be encrypted while stored, and the media must be securely destroyed when no longer required.
• Digital media must be protected with strong encryption methods.

Related Standards:
• Media Protection Standard (UNCSA-MPS-027)
________________________________________

20. Physical Security

Purpose: Safeguard physical IT resources from unauthorized access, theft, and damage.

Key Requirements:
• Data centers and server rooms must be secured with access controls.
• Proper environmental controls must be in place to prevent damage from fire, water, or other hazards.

Related Standards:
• Physical Security Standard (UNCSA-PSS-028)
________________________________________

21. Third-Party Supplier Risk Management

Purpose: Ensure third-party suppliers meet the university’s security standards and do not introduce risks to IT systems or data.

Key Requirements:
• Third-party suppliers must undergo risk assessments before being granted access to UNCSA systems.
• Contracts with third-party vendors must include security and compliance clauses.

Related Standards:
• Third-Party Risk Management Standard (UNCSA-TPRM-029)
________________________________________

22. Business Continuity Plan

Purpose: Ensure the availability and continuity of IT services in case of disruption.

Key Requirements:
• A comprehensive business continuity plan must be in place, outlining disaster recovery, backup strategies, and critical system restoration.
• Regular testing of the business continuity plan is required.

Related Standards:
• Business Continuity and Disaster Recovery Standard (UNCSA-BCDR-030)
________________________________________

23. Remote Access Controls

Purpose: Secure remote access to UNCSA IT systems and resources.

Key Requirements:
• Remote access must be provided through secure virtual private network (VPN) connections.
• Remote devices must meet security standards, including up-to-date endpoint protection (antivirus) and disk encryption.

Related Standards:
• Remote Access Security Standard (UNCSA-RAS-029)
________________________________________

Conclusion

This IT Regulation document establishes the guidelines for the proper management, security, and use of IT resources at UNCSA. It is essential that all staff, students, contractors, and third-party vendors comply with these policies and the referenced standards to ensure the university’s technology infrastructure is secure, compliant, and resilient. Regular reviews and updates will be conducted to keep the policies aligned with evolving technology and regulatory requirements.