Skip to main content
IT Service Status
IT Service Status

IT Policies, Standards, and Guidelines

Reset Filters
Policies and GuidelinesCategoryType
Appropriate Use of Electronic Resources

Northwestern makes available Electronic Resources to community members so that they can share and store knowledge, communicate, and conduct business in support of the University’s mission. The University is committed to maintaining an environment in which academic freedom thrives. At the same time, the University needs to ensure the security and stability of the Electronic Resources it makes available to community members. More about Appropriate Use of Electronic Resources

Conduct, Computing and Device ManagementPolicy
Authentication Requirements for University Software Applications

Computer applications deployed to members of the University community should use the University NetID as the person’s electronic identifier, and the corresponding password as a necessary (but not always sufficient) credential to authenticate each person. Where appropriate, and in keeping with policies, software applications may require additional credentials beyond the NetID and its password. More about Authentication Requirements for University Software Applications

Privacy and Data ManagementPolicy
Bulk Email Approval Policies and Procedures

These guidelines provide guidance for the appropriate use of bulk email at Northwestern University, and when necessary, the approval to send bulk email through the enterprise NU Bulk Email system. More about Bulk Email Approval Policies and Procedures

Communication, Business and PurchasingPolicy
Central Web Server

The central Web server (called "NUInfo") comprises highly available, high-performance websites containing important information of general interest about the University. More about Central Web Server

System Administration, CommunicationBest Practice
Cloud Computing Guidelines

There are specific considerations for cloud as well as tools and services available that can be leveraged to support the maintenance of compliant environments. More about Cloud Computing Guidelines

Privacy and Data Management, Computing and Device ManagementGuideline
Computer and Networking Purchases at Northwestern University

Official recommendations for departmental, student and personal computer and networking purchases. Revised every three to six months. More about Computer and Networking Purchases at Northwestern University

Network and Connectivity, Business and Purchasing, Computing and Device ManagementPolicy
Contract Language for the Secure Handling of Sensitive Data

This guideline provides official contract language approved by Northwestern University. This language must be included in all software vendor contracts to ensure the safe handling of sensitive University data. More about Contract Language for the Secure Handling of Sensitive Data

Privacy and Data Management, CommunicationGuideline
Data Access Policy

The policy contained in this document will support and promote greater understanding of and appropriate use of data, and heightened awareness of the sensitive nature of data based on various risk factors. More about Data Access Policy

Privacy and Data ManagementPolicy
Disposal of Northwestern University Computers

It is the responsibility of the department or individual in possession of Northwestern-owned computer(s) to ensure that data has been properly removed from the hard drives of computers before removal or redeployment. For equipment acquired using federal funds, you must get approval of Accounting Services for Research and Sponsored Programs (ASRSP) for disposal. More about Disposal of Northwestern University Computers

Privacy and Data Management, Computing and Device ManagementPolicy
Electronic Communications Standard

This Electronic Communications Standard outlines the necessary actions each person or organization with access to Northwestern University electronic communications is responsible for taking to ensure the integrity of the systems and data for which Northwestern is responsible.  More about Electronic Communications Standard

Communication, Privacy and Data ManagementPolicy
Email Distribution Through Listserv

The purpose of listserv at Northwestern University is to facilitate and disseminate information to eligible members and affiliates of the University. Listserv services are available to current faculty, staff and student organizations. More about Email Distribution Through Listserv

CommunicationPolicy
Endpoint Security Standard

This Electronic Communications Standard outlines the necessary actions each person or organization with access to Northwestern University electronic communications is responsible for taking to ensure the integrity of the systems and data for which Northwestern is responsible.  More about Endpoint Security Standard

Computing and Device ManagementPolicy
Firewall Policy

This policy statement is designed to provide guidance on when firewalls are required or recommended, and to raise awareness on the importance of a properly configured (installed and maintained) firewall. More about Firewall Policy

Network and Connectivity, System Administration, Privacy and Data ManagementPolicy
Guidelines for Data File Transfers to and from Enterprise Systems

Northwestern University employees and third-party vendors shall abide by guidelines for exchanging data files. More about Guidelines for Data File Transfers to and from Enterprise Systems

Network and ConnectivityGuideline
Guidelines for Security and Confidentiality of Data Files

Northwestern University employees or persons with access to NUIT Computing Services shall abide by the ITCS guidelines. More about Guidelines for Security and Confidentiality of Data Files

Computing and Device ManagementGuideline
Guide to Securing Web Applications

The NUIT Guide to Securing Web Applications was developed as a resource for web application developers, testers, and the Information Security Office. More about Guide to Securing Web Applications

Privacy and Data ManagementGuideline
HIPAA/ISO Information Security Guidance

HIPAA/ISO information Security Guidance provides the required direction for an information security plan for any University school, department or business unit where operations are subject to HIPAA/HITECH regulations. More about HIPAA/ISO Information Security Guidance

Privacy and Data ManagementGuideline
HIPAA Privacy & Security Awareness Training

The HIPAA Privacy and Security Rules dictate that all who may come into contact with protected health information undergo annual training on HIPAA policy, and that there is documentation to prove that the training has been completed. More about HIPAA Privacy & Security Awareness Training

Privacy and Data ManagementGuideline
Hub/Repeater/Wireless Security Concerns

Hub/Repeater/wireless security improvements will reduce the chances for infections or intrusions, making your computers more secure, and reducing the side-effects of a single compromised computer. More about Hub/Repeater/Wireless Security Concerns

Network and Connectivity, Privacy and Data ManagementPolicy
Incident Response Protocol

The Incident Response Protocol establishes procedures in accordance with applicable legal and regulatory requirements and University policy to address instances of unauthorized access to or disclosure of University Information. More about Incident Response Protocol

Privacy and Data Management, CommunicationGuideline
Information Security Policy and Standards: Data Encryption

This document provides the University community with the information required to effectively and efficiently plan, prepare and deploy encryption solutions in order to secure Legally/Contractually Restricted Information (Sensitive Data) More about Information Security Policy and Standards: Data Encryption

System Administration, Privacy and Data ManagementPolicy
Information Technology Acquisition, Development and Deployment

NUIT is the major consultative resource for division and school IT workers and end-users for all information technology systems, physical facilities related to such systems, and contractual relationships with vendors of such systems and services. In addition, NUIT has oversight and coordinating responsibility for all these systems and services. More about Information Technology Acquisition, Development and Deployment

Business and Purchasing, System AdministrationPolicy
Internet Addiction

Watch out for the warning signs of internet addiction. More about Internet Addiction

ConductGuideline
Management of Email on Central Service Hosts

Email storage quotas are necessary for a more predictable service environment. More about Management of Email on Central Service Hosts

System AdministrationPolicy
Merchant Card Processing Policy

In order to accept credit or debit card payments, a Northwestern University (NU) school, department, or organization must: receive prior permission from e-Commerce Operations within Treasury Operations and ensure that the payment process and related record keeping adhere to university accounting guidelines, the Payment Card Industry Data Security Standard (PCI DSS), and all applicable legislation. More about Merchant Card Processing Policy

Business and PurchasingPolicy
Networked Devices

All NU departments that use a networked device (i.e., printer, copier, scanner and fax) can find recommendations on securing networked devices against unauthorized users and making enhancements to existing security measures. More about Networked Devices

Network and Connectivity, Computing and Device Management, Privacy and Data ManagementGuideline
Non-University Owned Building Infrastructure Policy

This policy addresses the technology infrastructure for a University organization, program or affiliate considering acquiring space in a non-University owned building. More about Non-University Owned Building Infrastructure Policy

System AdministrationPolicy
Northwestern Guidance on the Use of Generative AI

Generative AI offers the potential for new capabilities in research, education, and productivity. Understanding what to look for when adopting generative AI tools and services is key to ensuring the intended use is met while protecting University data. More about Northwestern Guidance on the Use of Generative AI

Privacy and Data ManagementGuideline
Northwestern NetID and Network Privileges

This policy identifies Individuals and groups who may receive NetIDs (Network Identification), electronic mail and other services from Northwestern University Information Technology (NUIT). More about Northwestern NetID and Network Privileges

Privacy and Data Management, Network and ConnectivityPolicy
Northwestern Network Privacy

It is the policy of Northwestern University to treat all transmissions over the Northwestern network as private; however, the use of the Northwestern network and of University computing resources is strictly by permission of the University and confidentiality is not guaranteed. More about Northwestern Network Privacy

Privacy and Data Management, Network and ConnectivityPolicy
Northwestern University's Non-Disclosure Agreements

Non-Disclosure Agreements are binding contracts that should be signed by an authorized Northwestern University signatory. For all non-University Non-Disclosure Agreements, the University contract approval process must be followed; the agreement must be reviewed and approved by the University's Office of General Counsel before signing. More about Northwestern University's Non-Disclosure Agreements

Conduct, Privacy and Data ManagementGuideline
Northwestern University Policy on Cable, Satellite, and IP Delivered Television Services

NUIT is designated as the sole authorized agent to interface with Northwestern University's television provider(s) for the addition, changing, and removal of individual service connections in any University building. More about Northwestern University Policy on Cable, Satellite, and IP Delivered Television Services

Communication, Conduct, Computing and Device ManagementPolicy
Northwestern University User Authentication Requirements

All systems must operate effectively within the authentication environment defined in these guidelines. This document is intended for use as an attachment, exhibit, or appendix to bid specifications for acquisition of software systems or services to be used at Northwestern University. More about Northwestern University User Authentication Requirements

System Administration, Privacy and Data ManagementGuideline
Off-Site Data Protection Storage Guidelines

Off-site storage requirements and procedures for sensitive media. More about Off-Site Data Protection Storage Guidelines

Privacy and Data ManagementGuideline
Online Harassment

Find recommendations for how to respond to online harassment. More about Online Harassment

ConductGuideline
Patch Management Standard

The Patch Management Standard outlines the necessary actions each person or organization who is responsible for the protection of University IT assets and data is required to perform in order to protect the integrity of the systems and data for which Northwestern is responsible.  More about Patch Management Standard

Privacy and Data ManagementPolicy
Policy and Enforcement Plan for Unapproved Campus Network Extensions

Because of four issues - security, accountability, future network performance and reliability, and network operations - it is important that schools and departments remove network extensions (hublets, multi-port switches, wireless access points, and modems) from the University network in accordance with University policy. More about Policy and Enforcement Plan for Unapproved Campus Network Extensions

Network and ConnectivityPolicy
Protocol for Exchange and Shared Responsibility for Institutional Data

Once the custodians of the source and requesting systems reach an agreement to share data, it is important to document the instance and parameters of data sharing. More about Protocol for Exchange and Shared Responsibility for Institutional Data

System AdministrationGuideline
Reporting an IT Policy Violation

This provides guidance for the best response If you feel that a specific Northwestern IT policy is being violated. More about Reporting an IT Policy Violation

Communication, ConductPolicy
Requirements to Coordinate Acquisition, Authentication and Security for Online Services to the University Community

Services may be delivered to the University community from mixed host or off-campus host configurations only upon the prior approval of NUIT under the Policy for Information Technology Acquisition, Development and Deployment. A portion of that approval process will include review of what University data is to be exposed to the ASP and stored at the ASP. More about Requirements to Coordinate Acquisition, Authentication and Security for Online Services to the University Community

Privacy and Data ManagementGuideline
Rights and Responsibilities for the Use of Central Network and Computing Resources at Northwestern University

The Northwestern computer network consists of a campus-wide backbone network, local area networks, and many shared computers as well as personal desktop computers. NUIT works to insure that network rights and responsibilities are not violated. More about Rights and Responsibilities for the Use of Central Network and Computing Resources at Northwestern University

Network and ConnectivityPolicy
Rooftop Lease Policy

Northwestern University Information Technology is responsible for the administrative, financial, and technical management of all airwave services and facilities on University rooftop spaces. More about Rooftop Lease Policy

Business and Purchasing, Network and ConnectivityPolicy
Satellite-Delivered Services

Installation, engineering, maintenance, and operation of satellite downlink and uplink services serving on any property owned or tenanted by the University, shall be coordinated and meet the standards of quality set forth by NUIT. More about Satellite-Delivered Services

System AdministrationPolicy
Secure Handling of Social Security Numbers

This policy is designed to establish awareness and provide guidance on the proper handling of Social Security Number (SSN) information maintained by or on behalf of Northwestern University. More about Secure Handling of Social Security Numbers

Privacy and Data ManagementPolicy
Server Certificate Policy

This policy provides guidance on the selection of providers of trusted server-side third-party certificates, their implementation within University systems, applications, appliances and sites, and encryption of related communications. More about Server Certificate Policy

System Administration, Privacy and Data ManagementPolicy
Server Security Requirements and References

These recommendations are meant as a guide to secure servers (a server being either a physical or virtual instance of an autonomous software system intended to connect with and provide services to other computers). The end goal is a secure server that meets the functional and business needs of each department. More about Server Security Requirements and References

System AdministrationGuideline
System Administration

These guidelines provide non-technical, practical guidance to performing the duties and practices inherent in taking on the responsibilities for and maintaining a server. More about System Administration

System AdministrationGuideline
Use and Copying of Computer Software

No member of the Northwestern community may engage in any activity that violates federal, state, or local laws with respect to intellectual property rights; the terms of software license agreements; or other University policies pertaining to computer software, for any computer software owned by or licensed to the University and computer systems or hardware owned or operated by the University, Northwestern faculty, staff, and students. More about Use and Copying of Computer Software

Conduct, Computing and Device ManagementPolicy
Use of Computers, Systems, and Networks

Northwestern University maintains access to local, national, and international networks for the purpose of supporting its fundamental activities of instruction, research, and administration. Users of the network are to take the necessary measures to safeguard the operating integrity of the systems and the accessibility of other users. More about Use of Computers, Systems, and Networks

Privacy and Data Management, Network and ConnectivityPolicy
Use of Student Residence Networks

Student residence networks are shared, finite resources installed by the University to promote scholarship and learning for all students. Accidental or intentional disruption of a residence network will deprive others of access to important University resources. Computers attached to student residence networks must adhere to specific guidelines. More about Use of Student Residence Networks

Network and ConnectivityPolicy
Using Sensitive Data Search Tools

Technology-oriented tools can be used to reduce the risk of exposing sensitive data. The programs and processes outlined within this guideline may be able to identify and protect personally identifiable information that resides on personal computers and servers. More about Using Sensitive Data Search Tools

Privacy and Data Management, Computing and Device ManagementGuideline
Wireless

Northwestern's policy helps to provide the highest quality of wireless network service and to ensure wired and wireless network security and integrity. More about Wireless

Network and ConnectivityPolicy