IT Policies, Standards, and Guidelines

Northwestern makes available Electronic Resources to community members so that they can share and store knowledge, communicate, and conduct business in support of the University’s mission. The University is committed to maintaining an environment in which academic freedom thrives. At the same time, the University needs to ensure the security and stability of the Electronic Resources it makes available to community members. More about Appropriate Use of Electronic Resources

Computer applications deployed to members of the University community should use the University NetID as the person’s electronic identifier, and the corresponding password as a necessary (but not always sufficient) credential to authenticate each person. Where appropriate, and in keeping with policies, software applications may require additional credentials beyond the NetID and its password. More about Authentication Requirements for University Software Applications

These guidelines provide guidance for the appropriate use of bulk email at Northwestern University, and when necessary, the approval to send bulk email through the enterprise NU Bulk Email system. More about Bulk Email Approval Policies and Procedures

The central Web server (called "NUInfo") comprises highly available, high-performance websites containing important information of general interest about the University. More about Central Web Server

There are specific considerations for cloud as well as tools and services available that can be leveraged to support the maintenance of compliant environments. More about Cloud Computing Guidelines

Official recommendations for departmental, student and personal computer and networking purchases. Revised every three to six months. More about Computer and Networking Purchases at Northwestern University

This guideline provides official contract language approved by Northwestern University. This language must be included in all software vendor contracts to ensure the safe handling of sensitive University data. More about Contract Language for the Secure Handling of Sensitive Data

The policy contained in this document will support and promote greater understanding of and appropriate use of data, and heightened awareness of the sensitive nature of data based on various risk factors. More about Data Access Policy

It is the responsibility of the department or individual in possession of Northwestern-owned computer(s) to ensure that data has been properly removed from the hard drives of computers before removal or redeployment. For equipment acquired using federal funds, you must get approval of Accounting Services for Research and Sponsored Programs (ASRSP) for disposal. More about Disposal of Northwestern University Computers

This Electronic Communications Standard outlines the necessary actions each person or organization with access to Northwestern University electronic communications is responsible for taking to ensure the integrity of the systems and data for which Northwestern is responsible.  More about Electronic Communications Standard

The purpose of listserv at Northwestern University is to facilitate and disseminate information to eligible members and affiliates of the University. Listserv services are available to current faculty, staff and student organizations. More about Email Distribution Through Listserv

This Electronic Communications Standard outlines the necessary actions each person or organization with access to Northwestern University electronic communications is responsible for taking to ensure the integrity of the systems and data for which Northwestern is responsible.  More about Endpoint Security Standard

This policy statement is designed to provide guidance on when firewalls are required or recommended, and to raise awareness on the importance of a properly configured (installed and maintained) firewall. More about Firewall Policy

Northwestern University employees and third-party vendors shall abide by guidelines for exchanging data files. More about Guidelines for Data File Transfers to and from Enterprise Systems

Northwestern University employees or persons with access to NUIT Computing Services shall abide by the ITCS guidelines. More about Guidelines for Security and Confidentiality of Data Files

The NUIT Guide to Securing Web Applications was developed as a resource for web application developers, testers, and the Information Security Office. More about Guide to Securing Web Applications

HIPAA/ISO information Security Guidance provides the required direction for an information security plan for any University school, department or business unit where operations are subject to HIPAA/HITECH regulations. More about HIPAA/ISO Information Security Guidance

The HIPAA Privacy and Security Rules dictate that all who may come into contact with protected health information undergo annual training on HIPAA policy, and that there is documentation to prove that the training has been completed. More about HIPAA Privacy & Security Awareness Training

Hub/Repeater/wireless security improvements will reduce the chances for infections or intrusions, making your computers more secure, and reducing the side-effects of a single compromised computer. More about Hub/Repeater/Wireless Security Concerns

The Incident Response Protocol establishes procedures in accordance with applicable legal and regulatory requirements and University policy to address instances of unauthorized access to or disclosure of University Information. More about Incident Response Protocol

This document provides the University community with the information required to effectively and efficiently plan, prepare and deploy encryption solutions in order to secure Legally/Contractually Restricted Information (Sensitive Data) More about Information Security Policy and Standards: Data Encryption

NUIT is the major consultative resource for division and school IT workers and end-users for all information technology systems, physical facilities related to such systems, and contractual relationships with vendors of such systems and services. In addition, NUIT has oversight and coordinating responsibility for all these systems and services. More about Information Technology Acquisition, Development and Deployment

Watch out for the warning signs of internet addiction. More about Internet Addiction

Email storage quotas are necessary for a more predictable service environment. More about Management of Email on Central Service Hosts

In order to accept credit or debit card payments, a Northwestern University (NU) school, department, or organization must: receive prior permission from e-Commerce Operations within Treasury Operations and ensure that the payment process and related record keeping adhere to university accounting guidelines, the Payment Card Industry Data Security Standard (PCI DSS), and all applicable legislation. More about Merchant Card Processing Policy

All NU departments that use a networked device (i.e., printer, copier, scanner and fax) can find recommendations on securing networked devices against unauthorized users and making enhancements to existing security measures. More about Networked Devices

This policy addresses the technology infrastructure for a University organization, program or affiliate considering acquiring space in a non-University owned building. More about Non-University Owned Building Infrastructure Policy

Generative AI offers the potential for new capabilities in research, education, and productivity. Understanding what to look for when adopting generative AI tools and services is key to ensuring the intended use is met while protecting University data. More about Northwestern Guidance on the Use of Generative AI

This policy identifies Individuals and groups who may receive NetIDs (Network Identification), electronic mail and other services from Northwestern University Information Technology (NUIT). More about Northwestern NetID and Network Privileges

It is the policy of Northwestern University to treat all transmissions over the Northwestern network as private; however, the use of the Northwestern network and of University computing resources is strictly by permission of the University and confidentiality is not guaranteed. More about Northwestern Network Privacy

Non-Disclosure Agreements are binding contracts that should be signed by an authorized Northwestern University signatory. For all non-University Non-Disclosure Agreements, the University contract approval process must be followed; the agreement must be reviewed and approved by the University's Office of General Counsel before signing. More about Northwestern University's Non-Disclosure Agreements

NUIT is designated as the sole authorized agent to interface with Northwestern University's television provider(s) for the addition, changing, and removal of individual service connections in any University building. More about Northwestern University Policy on Cable, Satellite, and IP Delivered Television Services

All systems must operate effectively within the authentication environment defined in these guidelines. This document is intended for use as an attachment, exhibit, or appendix to bid specifications for acquisition of software systems or services to be used at Northwestern University. More about Northwestern University User Authentication Requirements

Off-site storage requirements and procedures for sensitive media. More about Off-Site Data Protection Storage Guidelines

Find recommendations for how to respond to online harassment. More about Online Harassment

The Patch Management Standard outlines the necessary actions each person or organization who is responsible for the protection of University IT assets and data is required to perform in order to protect the integrity of the systems and data for which Northwestern is responsible.  More about Patch Management Standard

Because of four issues - security, accountability, future network performance and reliability, and network operations - it is important that schools and departments remove network extensions (hublets, multi-port switches, wireless access points, and modems) from the University network in accordance with University policy. More about Policy and Enforcement Plan for Unapproved Campus Network Extensions

Once the custodians of the source and requesting systems reach an agreement to share data, it is important to document the instance and parameters of data sharing. More about Protocol for Exchange and Shared Responsibility for Institutional Data

This provides guidance for the best response If you feel that a specific Northwestern IT policy is being violated. More about Reporting an IT Policy Violation

Services may be delivered to the University community from mixed host or off-campus host configurations only upon the prior approval of NUIT under the Policy for Information Technology Acquisition, Development and Deployment. A portion of that approval process will include review of what University data is to be exposed to the ASP and stored at the ASP. More about Requirements to Coordinate Acquisition, Authentication and Security for Online Services to the University Community

The Northwestern computer network consists of a campus-wide backbone network, local area networks, and many shared computers as well as personal desktop computers. NUIT works to insure that network rights and responsibilities are not violated. More about Rights and Responsibilities for the Use of Central Network and Computing Resources at Northwestern University

Northwestern University Information Technology is responsible for the administrative, financial, and technical management of all airwave services and facilities on University rooftop spaces. More about Rooftop Lease Policy

Installation, engineering, maintenance, and operation of satellite downlink and uplink services serving on any property owned or tenanted by the University, shall be coordinated and meet the standards of quality set forth by NUIT. More about Satellite-Delivered Services

This policy is designed to establish awareness and provide guidance on the proper handling of Social Security Number (SSN) information maintained by or on behalf of Northwestern University. More about Secure Handling of Social Security Numbers

This policy provides guidance on the selection of providers of trusted server-side third-party certificates, their implementation within University systems, applications, appliances and sites, and encryption of related communications. More about Server Certificate Policy

These recommendations are meant as a guide to secure servers (a server being either a physical or virtual instance of an autonomous software system intended to connect with and provide services to other computers). The end goal is a secure server that meets the functional and business needs of each department. More about Server Security Requirements and References

These guidelines provide non-technical, practical guidance to performing the duties and practices inherent in taking on the responsibilities for and maintaining a server. More about System Administration

No member of the Northwestern community may engage in any activity that violates federal, state, or local laws with respect to intellectual property rights; the terms of software license agreements; or other University policies pertaining to computer software, for any computer software owned by or licensed to the University and computer systems or hardware owned or operated by the University, Northwestern faculty, staff, and students. More about Use and Copying of Computer Software

Northwestern University maintains access to local, national, and international networks for the purpose of supporting its fundamental activities of instruction, research, and administration. Users of the network are to take the necessary measures to safeguard the operating integrity of the systems and the accessibility of other users. More about Use of Computers, Systems, and Networks

Student residence networks are shared, finite resources installed by the University to promote scholarship and learning for all students. Accidental or intentional disruption of a residence network will deprive others of access to important University resources. Computers attached to student residence networks must adhere to specific guidelines. More about Use of Student Residence Networks

Technology-oriented tools can be used to reduce the risk of exposing sensitive data. The programs and processes outlined within this guideline may be able to identify and protect personally identifiable information that resides on personal computers and servers. More about Using Sensitive Data Search Tools

Northwestern's policy helps to provide the highest quality of wireless network service and to ensure wired and wireless network security and integrity. More about Wireless