Protecting the Information in Your Care

All University employees and volunteers must adhere to the guidance and standards in these Best Practice manuals

These three security manuals are designed to help you—as an ECU employee, manager or IT support staff member—fulfill your responsibilities for protecting the information in your care. They are for general guidance and may not address all job aspects or working environment–managing HIPAA, FERPA and other sensitive information are examples–so take additional precautions to ensure all information is safe and secure.

The standards here are based on the ISO 27002 Information Technology Security Techniques Code of Practice and consider the unique aspects of our academic, research, service, administrative, legal, regulatory and contractual activities and requirements.

For the purposes of these guides:

  • An employee is a person employed by the University or who serves as a University volunteer. This includes anyone performing work on behalf of the University, such as staff and faculty members, student workers, contractors and unpaid volunteers.
  • An administrative head is the administrative director of a University department, such as an academic department chair, administrative department director or college dean. Administrative heads direct departmental operations and the use of University resources.
  • An IT support staff member is an employee who provides technical or end user support of a University-owned or managed IT system or service to other persons, regardless of their affiliation with the university.

Each best practice is accompanied by a statement of responsibility, an activities list and a link to the relevant security standard.

For more information on your responsibilities for legal and regulatory compliance contact your supervisor or departmental compliance coordinator for assistance. If you have general questions about information security requirements and practices, contact the IT Help Desk at 252.328.9866.