Approved Information Technology policies can be found at the university Policy Portal. Search for "information technology."

UMass System-Wide

On Dec. 8, 2010, the University of Massachusetts Board of Trustees adopted an Information Security policy based on ISO 27002.

This policy will help UMass Lowell implement a high level of Information Security standards to ensure our data and assets are protected.

The Information Security Office guides the UMass Lowell Campus in implementing these standards.

For more information, visit ISO 27000

IT Internal

  • Written Information Security Plan (pdf)
  • Firewall Policy
  • Change Management Policy
  • Security Risk Management Policy
  • Confidentiality Form – Employees
  • Confidentiality Form – Vendors
  • Key and Badge Access Policy
  • Computer Account Management Policy
  • Vulnerability Management Policy
  • Privileged Access Policy
  • Access Control Policy
  • Log Management Policy
  • IT Audit Policy
  • Information Security Plan
  • Security Breach and Response Policy
  • IT Business Continuity and Disaster Recovery Policy


  • Mobile Device Security Standard
  • Antivirus Standard
  • Protect of Endpoints
  • Protection of Servers