Yale's Information Security Policy Base

Yale's Information Security policy base ensures we secure Yale's data and IT Systems. Our policy base includes University IT and regulatory policies that include cybersecurity requirements. Regulatory policies include University HIPAA and PCI policies that include cybersecurity requirements. 

 

University Information Security Policies

This page puts all University policies that include cybersecurity requirements in one place. Our Information Security Policy Base consists of four policy artifact types:

  • Policies identify the issue and scope. They explain why we need to do something to keep Yale secure.
  • Standards explain what needs to happen to follow policies.
  • Procedures explain how to do the standards by establishing the proper steps to take.
  • Guidelines provide extra, recommended guidance for meeting policies and standards.

Below you will find a collection of all IT Security policies from the University policy base. Each of these policy artifacts plays a role in ensuring we know what to do to keep Yale secure. These are organized by the University Policy number. We include links to the supporting standards, procedures, and guidelines for each policy.

University HIPAA Information Security Policies 

Yale University is committed to providing the highest quality health care. This includes respecting patients' and research participants' privacy of their health information. 

The standards for protecting health information are described in the federal law HIPAA. HIPAA stands for the Health Insurance Portability and Accountability Act. Yale's HIPAA policies are designed to ensure compliance with the HIPAA Security Rule.

Below is a collection of all IT Security policies from the University HIPAA policy base. This includes any HIPAA policy about protecting electronic protected health information (ePHI). These policies apply to anyone in Yale's HIPAA covered entity.  

University PCI Information Security Policies 

PCI DSS is the Payment Card Industry Data Security Standard. Our University has policies in place to ensure compliance with PCI DSS. These policies apply to anyone accepting payment card payments for University business. Below is a list of Yale's PCI Information Security policies.

Need help?

We are here to help you keep Yale secure. For any questions on how to meet and maintain these policies, send us an email.

Yale’s Minimum Security Standards (MSS)

Did you know this page represents over 170 pages of policies and procedures? We have consolidated all Yale’s security policies, procedures, and practices into one place. These baseline security requirements are known as Yale’s Minimum Security Standards (MSS). We’ve saved you the time of reading 170+ pages of policy by putting them all in one place.

View Yale’s Minimum Security Standards (MSS)