Policies & Procedures


Duke University and Duke Medicine Policies and Procedures

Account or Data Access Policy

Data Security Policy (Data Security FAQ)

Web Hosting Policy [DRAFT] and Web Security Standards (additional information on wiki)

Duke Acceptable Use Policy

Duke Medicine Secure Systems Usage Memo

Duke Social Security Number Usage Policy

Incident Response Procedure

Media control/disposal

Network camera usage policy

Responsible disclosure policy [DRAFT]

Use and Storage of Social Security numbers within DUHS

Vulnerability Management Policy

Quarantine Procedures


Duke IT Security standards and procedures

Please click the line above to view Duke's internal standards and procedures (NetID required).

Data Classification Standard

Duke Services and Data Classification


OIT Protected Network: Policies and Procedures

Protected Network Policies


Departmental policy templates (referenced in the above standards)

Account, Access, and Data Managment policy template

Asset Management policy template

Back Up, Disaster Recovery, and Emergency Access policy template

Service Acceptable Use policy template


Regulatory References

Copyright/DMCA Contact Information

HIPAA information from the University Office of Institutional Ethics and Compliance

FERPA information from the Registrar's Office

PCI information from the Office of Treasury and Cash Management


IT Security Vendor Assessments

Duke Service Provider Security Assessment (SPSA) information page