Child pages
  • Statement on ITS Policies
Skip to end of metadata
Go to start of metadata

About ITS Policies and Related Terms

University at Albany Information Technology policies are developed and maintained to support the University's mission and daily activities; to promote best practices in the usage and management of information resources; to support compliance with federal, state, and university law, regulation or policy; to manage risks associated with IT infrastructure and systems; and to guide the stewardship of the accessibility, privacy and security of information utilized by the UAlbany community.

University at Albany IT policies include a policy statement and may include companion documents such as standards, guidelines and/or procedures. These are defined as follows:


Policies state an institutional position. In some cases, ITS policies with the broad application across the University are included as part of the University at Albany Library of Institutional Policies. All technology policies are enforced by Information Technology Services (ITS).


Protocols provide definition, context and rationale for how the University addresses broad areas relevant to specific policies. As an example, the Information Security Policy identifies a set of Security Domains providing a framework for an Information Security Program. Within each domain, protocols give a rationale for the security area, provide institutional direction and establish a framework for related standards and procedures.


Standards define a set of criteria that promote compliance with applicable laws and regulations, mandate actions or constraints and contain information regarding compliance and/or a desired outcome. Generally, they are considered "must do's" that are enforceable on the basis of compliance or mitigation of risk. This includes industry standards which establish technical specifications pertaining to equipment and/or infrastructure requirements. All standards to IT policies are enforced by ITS.


Guidelines are recommended guides to action. Generally, they are considered "should do's" that reflect established customs or an efficient, effective means for complying with a policy. Guidelines are representative of ITS expectation that users will follow them as they represent a model of example for day-to-day operations and/or regular business practices.


Procedures are the detailed steps associated with complying with a policy or provisioning an IT service. Generally, they are considered "how to's" and may be directed to a specific audience or the entire user community. They are approved by the CIO and may change in accordance with technology and other circumstances as warranted.

Questions regarding any University at Albany IT policies or companion documents should be directed to the ITS Service Desk.

Need more help? Contact the ITS Service Desk.