NUIT Policy Adopted for Security of Online Services

A new Northwestern policy has been adopted regarding the acquisition of technology services from outside vendors.

The policy, "Requirements to Coordinate Acquisition, Authentication and Security for Online Services to the University Community Which Are Hosted On Campus or Off Campus," is available in the policies section of the NUIT Web site.

The policy improves the security of University data, addressing authentication, security, and a notice of the right to refuse services and block implementation for online services.

In addition, the policy outlines the approval process for the acquisition of services from outside vendors, regardless of hosting location. These acquisitions must be approved by the Office of the Vice President for Information Technology.

Specific data requirements and security methods must be explicit in contract language and reviewed by General Counsel, NUIT, and applicable data stewards. Authentication must be by NetID, either via Web SSO or through federation, as off-campus LDAP or AD service is not available.

For the complete policy, please go to the policies section of the NUIT Web site.

The policy aims to improve information security for all members of the Northwestern community.

Faculty and staff who oversee personalized or authenticated online services should be aware that all online services to the University community must be reviewed and approved by the Vice President for Information Technology. Please see the full policy text for more information about specific procedures and expectations.

• eCommunicator Winter 2007