Guidelines & Procedures
General Information
Guidance For Staff and Faculty
- Best Practices for Remote Access
- Information Security Program Overview
- Intro to NIST Special Publication 800-171 for Higher Ed
- Security Awareness Training Compliance
Compliance Checklist
3rd Party Guidance
- Guidance on Software Downloads and Click Through Agreements
- ISO Common Vendor Responses
- NDA form to request SOC2's and other Security documents
- Security language in Contract template (restricted viewing)
- SOC Review Form Template
- What is a SOC Report and why is it important?
Guidelines
- Cloud Configuration Guideline
- Configuration Management Database Asset Inventory Guideline
- Data Governance Guideline
- GDPR - DPA Guidance
- How to address GDPR Survey Gaps Guidance
- Web Application Security Testing Guidelines
Processes and Procedures
- ASU Device Onboarding Process (restricted viewing)
- Enterprise System Change Management Process (restricted viewing)
- EDNA Application Account Procedure
- EDNA Password Configuration
- HIPAA System Access Procedure
- HIPAA Training Annual Update Process
- Incident Response Process (restricted viewing)
- Logging Best Practices
- PeopleSoft Privileged Account – Production Process ID Procedure
- PeopleSoft Privileged Administrator and Developer Account ID Procedure
- Security Reviews
- UTO Data Center Access Procedure
- UTO MDF Physical Access Procedure
Data Storage
- ASU Data Storage Guidelines (restricted viewing)
- ASU Data Handling Storage Matrix (restricted viewing)
- Best Practices for Dropbox Data Storage at ASU (restricted viewing)
- Best Practices for Sharing Google Docs at ASU (restricted viewing)
- Best Practices for OneDrive for Business Data Storage at ASU (restricted viewing)