IT Policies, Standards & Guidelines


Policy on the Acceptable Use of Information Technology Resources

IT resources are provided to support the academic, research, instructional, and administrative objectives of the university. The UMD Policy on the Acceptable Use of Information Technology Resources sets forth standards for responsible and acceptable use of university information technology (IT) resources. These resources include computer systems, computer labs, applications, networks, software, and files.

Privacy Policy

This statement pertains exclusively to the collection of personal information on official university websites.

University Policies and Procedures

The Consolidated USM and UMD Policies and Procedures Manual provides the university community with a written record of approved and current administrative, academic, operational, financial, and business policies and procedures.

The University System of Maryland Bylaws, Policies, and Procedures detail additional policies, procedures, guidelines, and rules applicable to the entire University System of Maryland.

Maryland State Government

The State Information Technology Security Policy and Standards


IT Security Standards

University policy X-1.00(A), "Policy on Acceptable Use of Information Technology Resources" specifies that "Those using university IT resources, whether at the university or elsewhere, are responsible for complying with security standards set forth by the Vice President and Chief Information Officer (VP/CIO)." The following are those standards:

Standard for IT Security Roles and Responsibilities

Data Classification Standards

Data are strategic assets of the university and must be handled in compliance with regulatory and legal obligations. These standards serve as a supplement of the University of Maryland Policy on Data Management Structure and Procedures - VI-23.00(A) and set criteria for classifying institutional data into categories and for determining what baseline security controls provide an appropriate protection to confidentiality, integrity or availability of the institutional data.

Web Accessibility Standards

The university's IT Council approved Web Accessibility Standards in December 2016. UMD is committed to creating and maintaining a welcoming and inclusive educational and working environment for people of all abilities and to ensuring equal access to information and services for all its constituencies. Web-based information and service delivery are the primary means by which the campus community and its visitors communicate and conduct business. These are minimum standards for the accessibility of all university Web pages used to conduct core university business and academic activities to ensure compliance with applicable state and federal regulations, specifically, Sections 504 and 508 of the Rehabilitation Act of 1973, and the Americans with Disabilities Act (ADA) of 1990.

Interim Standard for Protecting Sensitive Information

All members of the university community share in the responsibility for protecting information resources to which they have access. The purpose of this interim standard is to establish minimum standards and guidelines to protect against accidental or intentional damage or loss of data, interruption of university business, or the compromise of sensitive information.


Student Network Guidelines

The University of Maryland provides students with the capability to connect their computers to the university network in the residence halls, the houses on Fraternity Row, via wireless access points located throughout the campus, and at network jacks in select public locations. This access is provided for the purpose of facilitating student academic activity, whether or not such activity directly relates to formal course work. There are restraints on network use as stated in law and the university's Policy on the Acceptable Use of Information Technology Resources. There are restrictions placed on usage based upon the need for security and the costs associated with providing network services.

Student Network Guidelines

Decide Whether Data is Subject to HIPAA Guidelines

Decision flowchart to help guide data security planning