Describes the types of automatically created and sponsored accounts and email addresses. See Account and Email Address Policy in the Helpdesk Knowledgebase.

All users of the Information Technology at Pacific University are required to follow this policy. Please ensure you understand the policies before using university technology. Questions or concerns should be directed to the Technology Helpdesk.

Pacific University utilizes a variety of IT equipment to support patient care and communicate with healthcare information systems including desktop computers, servers, laptops, and biomedical devices. Biomedical devices typically measure physiological characteristics of patients and in some cases may not use or look like a traditional computer, yet they may store electronic protected healthcare information (ePHI). Policy addresses security of devices/equipment while in use by Pacific workforce...

Pacific University has adopted this Data Integrity Policy and Procedure to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, including but not limited to FERPA, GLBA, HIPAA, PCI, and other regional or local applicable laws and requirements. The policy establishes a standard to instruct and guide workforce members in the appropriate access, use, storage, and transmission...

In support of the physical security safeguards described in NIST standards, Pacific University will implement policies and procedures to prevent unauthorized access to facilities and document the repairs and modifications to the physical components of a facility related to Protected Data security (for example, hardware, walls, doors and locks). This includes access to defined spaces as well as maintenance performed on equipment. PUNID required to review policy.

The Pacific University Libraries seek to advance critical inquiry, collaborative learning, and knowledge creation through dynamic services, spaces, and collections. The Libraries’ enactment of this mission is guided by our core values, which prioritize providing opportunities to engage with diverse ideas, providing services that contribute to equitable access to information, and the use of inclusive approaches to delivering services. Aligned with this mission and these values, the Libraries...

Information security related incidents impact Pacific University's (Pacific) security goals and may also harm its ability to conduct business. These incidents may be malicious in nature or accidental. Pacific has selected and implemented a set of safeguards, which are based on the result of risk assessments and information security standards. In the event of a security related incident, this policy addresses the methods for identifying, responding to and, when possible, preventing security...

This policy sets forth Pacific's approach to applying sanctions upon completion of investigations regarding misuse of Protected Data. Attempting to obtain or use, actually obtaining or using, or assisting others to obtain or use Protected Data, when unauthorized or improper, will result in counseling and/or disciplinary action up to and including termination. Pacific University has adopted this Information Security Sanctions Policy to ensure the confidentiality, integrity, and availability of...

Appropriate management of access to Protected Data is an important aspect of Pacific University's information security strategy. The policy outlines requirements and process for granting members of the workforce appropriate levels of access to electronic Protected Date based on study or work-related duties and responsibilities. Policy also outlines the documented process for granting authorization and access to Protected Data. PUNID required to review policy.

The goal of Information Systems Activity Review is to prevent, detect, contain, and correct security violations and threats to Protected Data such as unauthorized access to the information systems, suspicious data use, or tampering. Designated workforce members in each college, school or department will review any unauthorized access to the information systems, suspicious data use or tampering. They will take appropriate action regarding potential system vulnerabilities, improve safeguards as...

The purpose of this standard is to define approved methods for using encryption technology to ensure the integrity and confidentiality of electronic protected health information (ePHI) and other Pacific University confidential information while at rest and during transmission. This standard applies to all data that is considered Pacific University confidential information, including ePHI when it is at rest, being processed, or transmitted between information technology resources. Data encryption...

The purpose of this standard is to define approved methods for using box.com to ensure the integrity and confidentiality of protected health information (PHI) and other Pacific University confidential information while at rest and during transmission. This standard applies to all data that is considered Pacific University confidential information, including PHI, and is being stored in Box, regardless of its storage duration. Business and instructional needs may require the storage of PHI in the...

This standard establishes a consistent set of minimum security measures required for computer workstations used within Pacific University. This standard also addresses standards for vendor and personally owned workstations when they are connected to Pacific University’s systems and networks.The elements of this standard include requirements for installation and configuration, access control, physical security, document storage, logging and monitoring, and change management. Pacific University...

International travel significantly increases the risks of theft or loss of IT equipment and of malware infection that can compromise accounts. This policy helps to manage these risks and thus manage the risk to university protected data and records. There are also potential legal issues surrounding traveling with encryption and this policy helps manage risk of legal action to the university or its employees.

This policy provides an overview of the steps that must be taken by those wishing to create mobile applications that represent or will be owned by Pacific University. Guidelines are given and standards enforced so that mobile apps represent the university well, can be managed on an ongoing basis, and do not violate legal regulations or other university policies.

Workforce members of Pacific University are generally not issued smart phones or similar mobile devices, which have the ability to connect to the Pacific network and download data. To support mobile access for the workforce, Pacific has adopted a "bring your own device" (BYOD) approach, which permits workforce members to utilize personally owned devices to access Pacific email, calendar, contacts and other resources. This policy applies to both personally owned devices and Pacific-owned devices...

Work files should be stored in places with appropriate controls that provide for business continuity. When faculty and staff members store work files in areas not managed by their departments, there is a significant risk of the disruption of operations if the files become inaccessible because the employee is unavailable due to leave or ceases to be employed at the university. UIS does not have a quick, efficient, or guaranteed way to retrieve files stored in non-managed areas and services, and...

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change. Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of Pacific University's entire university network.

The purpose of this policy is to provide guidelines for use of printing credits for the Pharos stations located on Pacific University’s Forest Grove, Hillsboro, Eugene, and Woodburn campuses. This policy applies to all Pacific University students and employees. University Information Services (UIS) deploys and maintains printing and copy stations to numerous locations at Pacific University campus locations where there are high concentrations of students. This system is primarily for student use...

This policy establishes the required guidelines for the use of HIPAA/FERPA protected healthcare conferencing and video services (e.g. Healthcare Zoom) by workforce members to discuss Protected Data. Permitted uses are: case conferences, preceptor consultations, HIPAA/FERPA protected conferencing and video services, student performance measures, care coordination, student advising sessions, and administrative meetings. PUNID required to review policy. Updated October 2024.