Requirements for Faculty/Staff

All RIT faculty and staff are required to read, understand, and comply with the RIT Code of Conduct for Computer and Network Use and the RIT policy regarding Digital Copyright. Administrators should visit the Resources page for implementation, configuration, guidelines, and best practices.

Security Standards

Standard When does it apply?
Desktop and Portable Computer Standard Always
Password Standard Always
Information Access & Protection Standard Always
Cyber-Security (Computer) Incident Handling Standard Always
Portable Media Standard If you are storing private or confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory. If you must store private information on portable media, the media must be encrypted.
Web Security Standard

If you have a website at RIT, official or unofficial, and you:

  • Own, administer, or maintain an official RIT web page that hosts or provides access to private or confidential Information.
  • Use RIT authentication services
Signature Standard If you are sending out an e-mail, MyCourses, or RITmail communication relating to university academic or business purposes. This applies to both RIT and non-RIT email accounts.

Server Security Standard

If you own or administer any production, training, test, or development server, and/or the operating systems, applications or databases residing on it.
Network Security Standard

If you own or manage a device that:

  • Connects to the centrally-managed university network infrastructure
  • Processes RIT Confidential or Operationally Critical information
Account Management
  • If you create or maintain RIT computer and network accounts.
  • Managers reporting changes in access privileges/job changes of employees.
Solutions Life Cycle Management

RIT departments exploring new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:

  • Host or provide access to private or confidential information
  • Support a Critical Business Process
Disaster Recovery

For business continuity and disaster recovery. Applies to any RIT process/function owners and organizations who use RIT information resources.

NOTE: The “in compliance by” date for this standard is January 23, 2016.

All instances of non-compliance with published standards must be documented through the exception process.

Information Handling Quick Links

Link Overview
Digital Self Defense 103 - Information Handling Covers important security issues at RIT and best practices for handling information safely.
Disposal Recommendations How to safely dispose of various types of media to ensure RIT Confidential information is destroyed.
Recommended and Acceptable Portable Media List of recommended and acceptable portable media devices (such as USB keys, CDs, DVDs, and flash memory).
Mobile Device Usage Recommendations Recommendations for mobile device usage at RIT
VPN Recommended for wireless access to RIT Confidential information.


If you have questions or feedback about specific information security requirements, please contact us.