- Acceptable Use of Information and Information Systems APL
- Business Case Process for Information Technology Projects
- Employee Protection of Data APL
- Information and Communications Technology Accessibility Policy
- Information Security Policies and Standards
- Information Security Incident Response APL
- Network Services APL
- CIO Waiver for IT Processes and Procurement APL
- IT Project Management APL
The University of Maine System (“the University”) supports access to collections, services, facilities, equipment, and programs which meet the information and educational needs of the University community, and to advance the teaching, research, outreach, and administrative missions of the University.
In fulfillment of this purpose, and responsive to advances in technology and the changing needs of the community, the University supports access to information resources, including the Internet, to the greatest extent possible. In return, users of information resources shall be aware of and act in compliance with all relevant federal and state laws, local ordinances, University policies, institutional contracts, and/or other requirements or obligations. Users shall be familiar and behave consistently with the following principles: Freedom of Expression, Privacy Rights, Property Rights, Freedom from Harassment, and Compliance with Intellectual Property Rights and Copyright Law.
A comprehensive business case is essential to provide a broad analysis and plan of the overall project to facilitate early buy in and provide a verifiable basis for conducting the project. The business case should clearly identify the current situation leading to the need, the expectations of the project in terms of the key benefits to be achieved and the estimated financial costs associated with the proposed.
All individuals working on behalf of the University have a responsibility for protecting University data and data that is entrusted to the University. The Board of Trustees Information Security Policy specifies that this requirement applies to all UMS faculty, staff, employees, contractors, consultants, business partners or anyone who accesses or possesses such data. This APL focuses on appropriate precautions that faculty, staff and student workers are expected to take commensurate with the sensitivity, volume, and value of the data they handle. The overarching goal of protecting data is to reduce the risk associated with unauthorized access, loss or theft of data whether the data is in paper or electronic form. Included in protection is awareness of what data is under an individual’s control so that appropriate actions can be taken if data is lost.
The rapid proliferation of information technology as the medium for University programs and services can unintentionally exclude persons with disabilities from opportunities and full participation in university activities.
This policy supports minimizing barriers to higher education for persons with disabilities, improvement of learning outcomes for persons with and without disabilities, and fulfilment of the university’s statutory obligations by establishing responsibility for developing, maintaining and monitoring outcomes related to standards and expectations regarding the design, acquisition, compatibility and use of Information and Communications Technologies in any University activity, such as academic programs, services, communications, events, etcetera.
The Board of Trustees of the University of Maine System establishes this information security policy in support of the mission and goals of the University of Maine System (“UMS”) and all component entities thereof. The objective of this information security policy is to convey the Board’s direction for the appropriate use and protection of UMS information assets and to specify the requirements for protecting those information assets. This document applies to all UMS faculty, staff, employees, contractors, consultants, business partners and anyone who accesses or possesses UMS information assets. Compliance with this policy and all supporting standards is mandatory.
A continual threat environment necessitates our preparedness to respond to information security incidents of various types and severity. Loss of compliant or business sensitive data has serious consequences to the University as well as a possible widespread impact on others. An immediate and thorough response to an Information Security incident is required by legislation and by the UMS Information Security Policy and Standards (Section 10). This plan describes the overall UMS approach to responding to incidents, outlines procedures to be followed when an incident is discovered, and provides a foundation for campuses to build local plans.
The University of Maine System has been involved in providing various services to other public and nonprofit entities since the early nineties primarily to K-12 schools, the Maine Department of Education, the Maine State Library, public libraries, Maine Public Broadcasting Network (MPBN), both public and private higher education institutions, nonprofit research entities, and State Government. These services have centered on network access and connectivity, but have included web hosting, e-mail, and Library System Application hosting. This was a natural outgrowth of the evolution of the Internet which originated in the federal government (ARPAnet) and then to the academic community via connections to NSFnet through grants from National Science Foundation. UMS has provided network connectivity to the above constituents since the early 1990s in concert with them and commercial telecommunication providers.
The purpose of standards, policies and processes is to assure quick response and a clear path to meet IT needs for the University of Maine System. However, not every need, initiative or timeline can be addressed within the established framework. Standards exist for personal computing devices, for example. Processes exist for proposing a new project and having it approved, or for acquiring software. There will be valid educational or mission critical needs which are not fully supported by the standards or must be expedited to meet institutional timelines.
The University Services: Information Technology Project Management Office purpose is to enhance awareness and collaboration, increase efficiency, and provide consistent delivery of projects.