Executive Memorandum No. 16 is the Policy for Responsible Use of University Computers and Information Systems. It is issued by the president of the University of Nebraska System.
Responsible Use of University Computers and Information Systems (EM16)
In an ever-changing world of cybersecurity threats, organizations, not just Universities, but financial institutions, social media, and other online services are implementing these strategies to mitigate risk and protect user data.
These strategies are commonly defined through formal policies that govern the organization's information systems, data, and processes and guide the organization's operations. Implementation of EM16 helps address the following areas to improve and sustain our cybersecurity posture at the University.
Research Compliance
Many of our research projects come with significant compliance requirements both federally and from other agencies. These requirements include cybersecurity tools and controls as well as a complete library of NIST compliant policies.
Personal and Academic Data Protection
Our students, faculty, staff, and our governmental partners expect a robust cybersecurity program to effectively protect personal and academic data. In order to be eligible for federal funding, including financial aid programs, the University will be required to demonstrate compliance with NIST cybersecurity frameworks including a complete library of cyber policies.
Business Relevance
Our business partners are requiring the deployment of a robust cybersecurity program as evidence that we are able to sustain operations during any cyber event. This optimizes our business efficiency both in purchasing power and other business practices.
Key Stakeholders
University policies and standards are to be applied to all University services, stakeholders, constituents, and affiliates. Due to the unique partnership that the University of Nebraska Medical Center maintains with Nebraska Medicine, UNMC may be explicitly excluded from clauses where conflicting language, practices, or procedures exist with Nebraska Medicine’s published documents. EM16 supersedes and takes precedence over any conflicting, contradictory, or inconsistent campus, college, school, department, or faculty policies, statements, guidelines, or guidance.
IT Policy Exceptions
The University is committed to safeguarding its information and computing infrastructure, which is essential for teaching, research, community service, and healthcare functions. Additionally, the University is strongly committed to maintaining the security and privacy of confidential personal information and other data it collects or stores.
To guide the University community in achieving these objectives, the University has established policies, standards, and procedures that all users must follow. However, the University also recognizes that academic and research pursuits may require alternative security approaches from these policies, standards, and procedures. Therefore, the University has developed an exception process that users may utilize to justify such alternatives and document the associated risks. To start an exception request, contact your IT Support Representative. They will assist with preparing the necessary information for a request and coordinate the process. Only IT Support Representatives can initiate an IT Policy Exception Request on behalf of a University stakeholder.
Additional Information
Additional information about Executive Memorandum 16 can be found on the ITS Security Policy website.