UPH IT Policy for IT Directorate: Security and System’s Confidentiality Policy

This policy regulates things which are related to security and confidentiality of the systems managed by ITD.


a. Physical Security
       Physical security refers to room access policy, hardware policy and management backup data policy. Physical security is the responsibility of system owners.

b. Security and Confidentiality of Username and Password
       1. All employees must protect the confidentiality of their own username and password or which others have entrusted to.
       2. ITD are responsible for managing the system and each employee must have a valid user ID and password.
       3. Employee user ID and password cannot be shared to unauthorized parties except with supervisor’s approval.
       4. Password must be changed periodically.
       5. User ID and password distributions by ITD must be done in responsible manner.

c. Installation of system protection, such as antivirus, firewall, etc.
       ITD reserves the right to do a routine check to those installations to make sure it’s active and up to date.

d. Network Security
       Network equipments must be protected and configured for access only by authorized UPH employees.