System and Data Protection

The Washington University in St. Louis Information Services & Technology organization is responsible for operating IT services that maximize physical security, provide reasoned protections for IT systems from natural disasters, and minimize cyber security risks for university data and systems.

IS&T is also responsible for provisioning information technology infrastructure and services that meet the common need and shared use of all schools and departments. This may include contracting for services via Internet and off-site providers that offer desirable and secure common services of value to the university community.

IS&T’s policy is to comply with the access control and data protection guidelines developed collaboratively by IT leadership from the university and Danforth Campus schools. In addition, IS&T will develop and apply specific data access restrictions and authorization procedures in partnership with university organizations that are responsible for the functional integrity and maintenance of data. IS&T will also comply with the university’s policies for Information Security, Computer Use and Code of Conduct. Any conflicts among these guidelines, procedures and policies are unintended and will be resolved by the senior IS&T leadership as needed.

Information on these guidelines, procedures and policy statements can be found at the following links:

IS&T is responsible for maintaining secure facilities; provisioning high-quality, secure and reliable information technology infrastructure; and providing common services with ample capacity and commensurate technical and user support. Use of these institutional capabilities is the primary means to reduce cyber risk for university data and for any school, department or research team adopting IS&T hosting services. IS&T will encourage and facilitate the shared use of institutional resources as cost effectively as possible.


Failure to comply with this policy, or the policies, guidelines and procedures referenced above, will be considered a violation of university policy, and shall be reported as specified by the university’s Information Security Policy.

Updated April 1, 2013