Information Resource Access Control And Log Management Policy

Effective Date: October 2013

Latest Revision:  July 2016

Revised: November 2014

I. Introduction

This Policy describes the process of authorizing, establishing, documenting, reviewing and modifying appropriate access to Columbia University Information Resources that process, transmit and/or store Data (as each term is defined in the University’s Information Security Charter (the “Charter”) http://policylibrary.columbia.edu/information-security-charter. 
Such access is limited to faculty, staff, students and contractors of the University who have been properly authorized to carry out legitimate business or academic tasks.

Capitalized terms used herein without definition are defined in the Charter.

II. Policy History

The effective date of this Policy is November 1, 2013.  This Policy and the other Information Security Policies replace (A) the following University Policies:

1. Acceptable Use of IT Resources (Network and Computing Policy), dated July 1, 2007
2. Desktop/Laptop/Mobile Devices Security Requirements When Accessing Sensitive Data
3. Electronic Information Server Administration Policy, dated March 1, 2007
4. Remote Access Policy, dated February 1, 2008

and (B) the following CUMC Policies:

1. General Information Security Policy, dated November 15, 2007
2. Information Access Management and Control Policy, dated November 15, 2007
3. Information Security: Audit and Evaluation Policy, dated November 15, 2007
4. Workstation Use and Security Policy, dated November 2012. 

To see the full text of this policy, please use the link on the right.