Request

Forms, Checklists, and Templates

Forms, Checklists, and Templates

Many forms and checklists below are provided as Adobe PDF Fill-in forms and can be filled in and printed from Acrobat Reader. 

NOTE: these forms may contain Javascript. If you need a different format, please contact the RIT Information Security Office at Infosec@rit.edu or call 585-475-4123.

Form Name

Use

Exception Request Form

To request an exception from an RIT Security Standard (PDF Fill-In form)

Non Disclosure Agreement (NDA)

Optional NDA used at department discretion

RIT Systems Support Personnel Non Disclosure Agreement

Required for all systems support personnel

 

Checklist Name

Use

Desktop and Portable Computer Checklist General User

Compliance checklist for use by self-supported faculty, staff, and students.

Desktop and Portable Computer Checklist ITS-Supported Users Compliance checklist for use by ITS-supported faculty, staff, and students. (1/23/13)

Desktop and Portable Computer Checklist Systems Support

Systems support personnel compliance checklist for computers they support.

Server Security Checklist

Compliance checklist for use with the Server Security Standard

Network Security Checklist

Compliance checklist for use with the Network Security Standard

Web Standard Compliance Checklist

Compliance checklist for use with the Web Security Standard

 

Template Name

Use

MSWord RIT Confidential Template

For general marking of Confidential Information

MSWord RIT Internal Use Only Template

For general marking of Internal Information

Information Access and Protection Inventory Template (MS Excel)

For department use in creating an information inventory for Information Access and Protection.

 

Exception Process

Exception Process and Compliance

Anyone not in compliance with an Information Security Standard is subject to sanctions including suspension of computer and network privileges and/or the full range of current Institute personnel and student disciplinary processes.

In a small number of circumstances, it may not be possible to comply with an Information Security Standard.   The Information Security Office has provided the following method for obtaining an exception to compliance with a published information security standard.  Exceptions should be approved and signed by the President, a VP or Dean, or the CIO, as appropriate. (An email endorsing the exception request is acceptable.)

An exception MAY be granted by the RIT Information Security Office for non‑compliance with a standard resulting from:

  • Implementation of a solution with equivalent protection.
  • Implementation of a solution with superior protection.
  • Impending retirement of a legacy system.
  • Inability to implement the standard due to some limitation

 

Exceptions are granted for a specific period of time, not to exceed two years and are reviewed on a case-by-case basis and their approval is not automatic.

The Exception Request should include:

  • Description of the non-compliance
  • Anticipated length of non-compliance
  • Proposed assessment of risk associated with non-compliance
  • Proposed plan for managing the risk associated with non-compliance
  • Proposed metrics for evaluating the success of risk management (if risk is significant)
  • Proposed review date to evaluate progress toward compliance
  • Endorsement of the request by the appropriate Information Trustee (VP or Dean, CIO).

 

If the non-compliance is due to a superior solution, an exception will normally be granted until the published standard or procedure can be revised to include the new solution. An exception request should still be submitted.

 

Submit the Exception Request Form to the Information Security Office, infosec@rit.edu, ROS 10-A200.

Subscribe to RSS - Request