
Yale's Information Security Policy Base

Yale's Information Security Policy Base ensures we secure Yale's data and IT Systems. Our policy base includes University IS and regulatory policies that include cybersecurity requirements. Regulatory policies include University HIPAA and PCI policies that include cybersecurity requirements.



This page puts all University policies that include cybersecurity requirements in one place. Our Information Security Policy Base consists of four policy artifact types:

  • Policies identify the issue and scope. They explain why we are required to do something to keep Yale secure.
  • Standards state what needs to happen to follow policy.
  • Procedures explain how to meet the standards by establishing the proper steps to take.
  • Guidelines offer extra, recommended instruction for meeting policies and standards.
Each of these policy artifacts plays a role in ensuring we know what to do to keep Yale secure.

Below you will find a collection of all IT Security policies from the University policy base. These are organized by University Policy number. We include links to the supporting standards, procedures, and guidelines for each policy.

Policy 1602: Protecting the Security and Privacy of Social Security Numbers

Yale collects Social Security Numbers (SSNs) for business and/or legal purposes. The purpose of this policy is to protect those SSNs in compliance with Connecticut Law.

Supporting standards: 

Social Security Numbers are high risk information. IT Systems that access SSNs are required to meet the high risk Minimum Security Standards.

Policy 1604: Data Classification Policy

This Policy ensures the community secures Yale Data based on its sensitivity. This Policy sorts Yale data into three risk levels: high, moderate, and low risk. This policy protects the confidentiality, availability, and integrity of Yale Data and ensures compliance with the law.

Supporting standards:

Supporting procedures: 

Supporting guidelines: 

Policy 1607: Information Technology Appropriate Use Policy

This Policy stipulates the appropriate use of Yale’s IT resources. This includes the University’s access to information about these resources.

Supporting standards: 

Supporting procedures: 

Policy 1608: Mobile Device Management Policy

This policy establishes how to support the security of Yale Data on mobile devices.

Supporting standards: 

Supporting procedures:

Policy 1609: Media Control 

This policy controls the re-use and disposal of devices containing confidential Yale Data. This is high-risk data, including electronic Protected Health Information (ePHI).

Supporting standards: 

Supporting procedures: 

Policies 1604 and 1610 work together to protect Yale Data and IT Systems. Yale's MSS are baseline requirements for securing Yale IT Systems based on risk.

Policy 1611: Program for Protection of Customer Financial and Related Data

This policy is about protecting customer financial information and other covered data. This policy exists to protect private information and comply with federal law.

Supporting Standards: 

The data described in Policy 1611 is considered High Risk data. Follow Yale's Minimum Security Standards for High Risk Data to protect this data appropriately. Read the policy to find out what types of data this includes.

Policy 1612: Software Licensing 

This policy provides direction on appropriately obtaining and using software. This includes Yale-authored software and windows licenses. Any user must be aware of the Software License restrictions for the software they use.

One of the best things you can do to stay secure is to keep your software up to date. See our How Updates page for more details.

Policy 1613: Electronic Signatures and Records

This policy defines requirements for maintaining records in electronic form. This includes how to use electronic signatures for those with signature authority.

Supporting Procedures: 

Policy 1615: Information Technology Infrastructure and Applications Change Management Policy

This policy sets forth change control requirements for Yale IT Systems. This includes changes deployed by vendors and external organizations (third-party/cloud services).

Supporting Standards:

Supporting Procedures: 


University HIPAA Information Security Policies 

Yale University is committed to providing the highest quality health care. This includes respecting patients' and research participants' privacy regarding their health information.

The standards for securing health information are represented in the federal law HIPAA. HIPAA stands for the Health Insurance Portability and Accountability Act. Yale's HIPAA policies are designed to ensure compliance with the HIPAA Security Rule.

Below is a collection of all IT Security policies within the University HIPAA policy base. This includes any HIPAA policy about protecting electronic protected health information (ePHI). These policies apply to anyone in Yale's HIPAA covered entity.

HIPAA Policy 5100: Protected Health Information (PHI) Security Compliance

This policy outlines Yale's security requirements for protecting patient records. These requirements are to ensure compliance with the HIPAA Security Rule.

Supporting Standards: 

Supporting Guidelines: 

HIPAA Policy 5111: Physical Security Policy

This policy was developed to protect against unauthorized physical access to protected health information (PHI) in all formats (electronic or ePHI, paper, video, audio, etc.). This policy covers PHI on campus and on non-Yale property.

Supporting Standards: 

Supporting Procedures: 

HIPAA Policy 5123: Electronic Communication of Health-Related Information (Email, Voice Mail, and other Electronic Messaging Systems)

This policy establishes standards for the electronic transmission of Protected Health Information (“PHI”). These standards are required to protect the security and privacy of electronic PHI. This policy applies to all electronic transmission of PHI. This includes, but is not limited to, email, instant messaging, and voice mail.

Supporting Standards: 

Yale personnel must use a yale.edu email account to send and receive PHI. They must not use any other email accounts for this purpose. Currently, this @yale.edu account should be an Office 365 account. EliApps accounts are not approved for electronic transmission of PHI.

HIPAA Policy 5142: Information System Activity Review 

This policy is in place to prevent security violations on HIPAA information systems. This includes identifying, categorizing, monitoring and examining source systems appropriately.

Supporting Standards: 

Supporting Procedures:

HIPAA Policy 5143: IT Security Incident Response

Supporting Standards:

For details on how to identify and report an incident, see our Report an Incident page.

PCI policies are in place to protect credit card information.

University PCI Information Security Policies 

PCI DSS is the Payment Card Industry Data Security Standard. The University has policies in place to ensure compliance with PCI DSS. These policies apply to anyone accepting Payment Card payments for University business. Below is a list of Yale's PCI Information Security policies.

Need help?

We are here to help you keep Yale secure. For any questions on how to meet or maintain these policies, send us an email

Yale's Minimum Security Standards (MSS)

Did you know that this represents over 170 pages of policies and procedures? We have consolidated all of Yale's security policies, procedures, and practices in one place. These baseline security requirements are known as Yale's Minimum Security Standards (MSS). We've saved you the time of reading 170+ pages of policy by putting them all in one place.


View Yale's Minimum Security Standards (MSS)