Policies & Procedures
Duke University Policies
Duke Social Security Number Usage Policy
Use and Storage of Social Security numbers within DUHS (pdf)
Duke Data Security Policy - Draft (pdf)
Vulnerability Management Policy (pdf)
Duke IT Security standards and procedures
Please click the link above to view Duke's internal standards and procedures (NetID required).
Data Classification Standard (pdf)
Departmental policy templates (referenced in the above standards)
Account management policy template (pdf)
Back up policy template (pdf)
Change management policy template (pdf)
Network firewall policy template (pdf)
Patching policy template (pdf)
Regulatory References
Copyright/DMCA Contact Information
HIPAA information from the University Office of Institutional Ethics and Compliance
- HHS HIPAA Security rule guidance (Administrative, Physical, Technical, & Organizational Safeguards)
- NIST's HIPAA Security rule toolkit
- Campus machines collecting, storing, or using ePHI in any way must comply with the requirements for Sensitive data in the ITSO technical standards (above).
FERPA information from the Registrar's Office
PCI information from the Office of Treasury and Cash Management
Risk Assessments
Duke Service Provider Risk Assessment (for service and application vendors) (pdf)
