The university employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.


  • This control applies to the university Chief Information Officer (CIO).


  • University Rule 32.01.99.M1, Complaint Procedures for Electronic Information Resources, outlines procedures for investigating violations of System policy and University rules related to information resources, including information security controls.

  • University Rule 32.01.99.M1 outlines a formal sanctions process when suspected policy or rule violations are found.