IT Policies and Procedures

• HSCEP OP 52.05 - Texting of Protected Health Information PHI
• HSCEP OP 52.08 - Social Security Number Policy
• HSCEP OP 52.08 - Attachment A - List of State and Federal laws requiring collection of SSN
• HSCEP OP 52.10 - Identity Theft Prevention Detection and Mitigation Program
• HSCEP OP 52.10 - Attachment A - Identity Theft Red Flags Indicators
• HSCEP OP 55.02 - Telephones, Telephone Systems, Equipment and Services
• HSCEP OP 56.01 - 1.1 I.T. Resource Management and Responsibilities (TAC 202.71, 202.72)
• HSCEP OP 56.01 - 1.4.1 Acceptable Use
• HSCEP OP 56.01 - 1.4.12 Password Authentication
• HSCEP OP 56.01 - 1.4.14 Portable Computing
• HSCEP OP 56.01 - 1.4.15 Privacy
• HSCEP OP 56.01 - 1.4.16 Monitoring of IT Assets
• HSCEP OP 56.01 - 1.4.19 Authorized Software
• HSCEP OP 56.01 - 1.4.2 Account Management and User Responsibilities
• HSCEP OP 56.01 - 1.4.22 Viruses and Other Malicious Code
• HSCEP OP 56.01 - 1.4.24 Vulnerability Assessment
• HSCEP OP 56.01 - 1.4.3 Administrator Special Access
• HSCEP OP 56.01 - 1.4.5 Change Management
• HSCEP OP 56.01 - 1.4.7 Incident Management
• HSCEP OP 56.01 - 1.4.9 Intrusion Detection
• HSCEP OP 56.01 - Use of Information Technology Resources
• HSCEP OP 56.01 - 9.4. Change Management Procedures - Procedures for Official TTUHSC El Paso Website Pages
• HSCEP OP 56.01 - 9.8. State of Texas Web Publishing Standards
• HSCEP OP 56.04 - Electronic Transmission of Personally Identifiable Information (PII) and Protected Health Information (PHI)
• HSCEP OP 56.06 -  Bring Your Own Device (BYOD)
• HSCEP OP 56.01.03 - Institutional Computer Naming Convention Standards
• HSCEP OP 56.10.01 - Backup and Recovery
• HSCEP OP 56.10.02 - Email
• HSCEP OP 56.10.03 - Internet and Intranet Connectivity
• HSCEP OP 56.10.04 - Managing Physical Security (TAC 202.73)
• HSCEP OP 56.10.05 - Network Access
• HSCEP OP 56.10.06 - Network Configuration
• HSCEP OP 56.10.07 - Server Hardening
• HSCEP OP 56.10.08 - Vendor Access
• HSCEP OP 56.10.09 - Wireless Access
• HSCEP OP 56.20.01 - Information Technology Procurment Review
• HSCEP OP 56.20.02 - IT Department Asset Management
• HSCEP OP 56.20.03 - Project Management
• HSCEP OP 56.30.01 - Approved Software and Hardware Standards
• HSCEP OP 56.30.03 - Technology Replacement Schedule
• HSCEP OP 56.40.01 - Web Publishing Standards
• HSCEP OP 56.40.02 - Website Visual Elements
• HSCEP OP 56.40.04 - Web Use and Copyright Standards
• HSCEP OP 56.40.05 - E-commerce Applications
• HSCEP OP 56.40.06 - Applications Development, Life Cycle, and Coding Standards
• HSCEP OP 56.50.06 - Definitions
• HSCEP OP 56.50.07 - Disaster Recovery (TAC 202.74)
• HSCEP OP 56.50.16 - Patch Management Policy
• HSCEP OP 56.60.01 - Institutional Videoconferencing Systems
• HSCEP OP 56.90 - IT Event Management/Response (EM)
• HSCEP OP 56.90 - Copyright (CR)
• HSCEP OP 56.90 - Intellectual Property (IN)

NIST framework Policies 56.50 Series

• HSCEP OP 56.50 - Access Control (AC)
• HSCEP OP 56.50 - Audit & Accountability (AU)
• HSCEP OP 56.50 - Authority & Purpose (AP)
• HSCEP OP 56.50 - Awareness & Training (AT)
• HSCEP OP 56.50 - Certification, Accreditation & Security Assessments (CA)
• HSCEP OP 56.50 - Configuration Management (CM)
• HSCEP OP 56.50 - Contingency Planning (CP)
• HSCEP OP 56.50 - Data Accountability, Audit & Risk Management (AR)
• HSCEP OP 56.50 - Data Minimization & Retention (DM)
• HSCEP OP 56.50 - Data Quality & Integrity (DI)
• HSCEP OP 56.50 - Data Security (SE)
• HSCEP OP 56.50 - Data Transparency (TR)
• HSCEP OP 56.50 - Data Use Limitation (UL)
• HSCEP OP 56.50 - Identification & Authentication (IA)
• HSCEP OP 56.50 - Incident Response (IR)
• HSCEP OP 56.50 - Individual Participation & Redress (IP)
• HSCEP OP 56.50 - Maintenance (MA)
• HSCEP OP 56.50 - Media Protection (MP)
  • HSCEP OP 56.50 - Data Classification Guidelines
  • HSCEP OP 56.50 - Data Handling Guidelines
• HSCEP OP 56.50 - Personnel Security (PS)
• HSCEP OP 56.50 - Physical & Environmental Protection (PE)
• HSCEP OP 56.50 - Planning (PL)
• HSCEP OP 56.50 - Program Management (PM)
• HSCEP OP 56.50 - Risk Assessment (RA)
• HSCEP OP 56.50 - Sanctions Policy (SN)
• HSCEP OP 56.50 - System & Communication Protection (SC)
• HSCEP OP 56.50 - System & Information Integrity (SI)
• HSCEP OP 56.50 - System & Service Acquisition (SA)

 

In order to document and support the implementation of the formal software development process, the relevant policies where revised and updated. These policy changes are summarized in Table 2.

Policy	Changes	Updated Policy Location
56.01 - 9.1	Numbering changed to 56.40.06. Updated to match with the new software development process.	https://ttuhscep.edu/it/policies/op564006.aspx
56.01 - 9.5	Merged with policy 56.40.06 (former policy 56.01 - 9.1), listed as TTUHSC Coding Standards.
56.01 - 9.6	Updated to match current eCommerce process. Numbering changed to 56.40.05.	https://ttuhscep.edu/it/policies/op564005.aspx
1.4.20	Merged with policy 56.40.05 (former policy 56.01 - 9.1)