Policies and Procedures

The UTN Network and Information Security Policy (pdf) was developed with collaboration and guidance of the UTN Technical Subcommittee, the UTN Advisory Board (now Council), the University of Utah Office of General Counsel and the University of Utah Information Security and Privacy Office. 

The policy was updated on 2/20/2015 by the UETN Governing Board at the recommendation of the UTN Advisory Council and Technical Subcommittee, who worked with UTN staff to address vulnerability remediation. The policy is intended to encourage member sites to remediate vulnerabilities within a defined timeframe.  If not, sanctions may be implemented and the UTN Vulnerability Compliance Procedure must be followed.

UTN Vulnerability Management Procedure (pdf), details of the procedure, also approved, include a communication plan, sanctions, and a timeline. Vulnerabilities are defined by levels 1 through 5, with level 5 being the most severe. A level 5 vulnerability can lead to the compromise of a site’s entire network security.

The communication plan includes notification of the vulnerability and guidance for remediation, written and verbal communication, multiple warnings regarding pending sanctions, and a generous timeline.