The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the Security Planning policy and associated Security Planning controls.

The university (Chief Information Security Officer) develops and implements a security plan that provides an overview of the security requirements and a description of the security controls in place or planned for meeting those requirements.

The university defines scope, behavior, practices and compliance pertaining to use of information resources.