Approved Information Technology policies can be found at the university Policy Portal. Search for "information technology."

UMass System-Wide

On Dec. 8, 2010, the University of Massachusetts Board of Trustees adopted an Information Security policy based on ISO 27002.

This policy will help UMass Lowell implement a high level of Information Security standards to ensure our data and assets are protected.

The Information Security Office guides the UMass Lowell Campus in implementing these standards.

IT Internal

  • Written Information Security Plan (pdf)
  • Firewall Policy
  • Change Management Policy
  • Security Risk Management Policy
  • Confidentiality Form – Employees
  • Confidentiality Form – Vendors
  • Key and Badge Access Policy
  • Computer Account Management Policy
  • Vulnerability Management Policy
  • Privileged Access Policy
  • Access Control Policy
  • Log Management Policy
  • IT Audit Policy
  • Information Security Plan
  • Security Breach and Response Policy
  • IT Business Continuity and Disaster Recovery Policy


  • Mobile Device Security Standard
  • Antivirus Standard
  • Protect of Endpoints
  • Protection of Servers