System and Data Protection

°ϲʿ. Louis Information Technology is responsible for operating IT services that maximize physical security, provide reasoned protections for IT systems from natural disasters, and minimize cyber security risks for university data and systems.

WashU IT is also responsible for provisioning information technology infrastructure and services that meet the common need and shared use of all schools and departments. This may include contracting for services via Internet and off-site providers that offer desirable and secure common services of value to the university community.

WashU IT’s policy is to comply with the access control and data protection guidelines developed collaboratively by IT leadership from the university and Danforth Campus schools. In addition, WashU IT will develop and apply specific data access restrictions and authorization procedures in partnership with university organizations that are responsible for the functional integrity and maintenance of data. WashU IT will also comply with the university’s policies for Information Security, Computer Use and Code of Conduct. Any conflicts among these guidelines, procedures and policies are unintended and will be resolved by the senior WashU IT leadership as needed.

Information on these guidelines, procedures and policy statements can be found at the following links:

WashU IT is responsible for maintaining secure facilities; provisioning high-quality, secure and reliable information technology infrastructure; and providing common services with ample capacity and commensurate technical and user support. Use of these institutional capabilities is the primary means to reduce cyber risk for university data and for any school, department or research team adopting WashU IT hosting services. WashU IT will encourage and facilitate the shared use of institutional resources as cost effectively as possible.


Failure to comply with this policy, or the policies, guidelines and procedures referenced above, will be considered a violation of university policy, and shall be reported as specified by the university’s Information Security Policy.

Updated April 1, 2013