Security Standards for Georgetown Technology
Georgetown technology security standards are intended to reflect the minimum level of care required for the University’s data. These are minimum standards, and therefore, do not relieve Georgetown staff, faculty, students, partners, consultants, or vendors of additional obligations that may be imposed by policy, law, regulation or contract.
Georgetown expects all partners, consultants, service providers, and vendors to abide by the University’s information security policies. If non-public data is to be accessed or shared with any third parties, they should be bound by contract to comply with and to be held to Georgetown’s information security policies.
University departmental system administrators, system owners, and system buyers are required to abide by these standards, as UIS is committed to prioritizing and protecting your systems by risk level. Individuals responsible for building, using, and maintaining University assets must know all external obligations that affect their system in order to ensure the system is configured, used, and maintained to meet any requirements from those external obligations.