Information Security
ITS Information Security promotes the idea that security is a shared responsibility and seeks collaborative engagement with the campus community. The Information Security Team is committed to providing a safe and reliable computing environment for students, faculty and staff. We do this by safeguarding the confidentiality, integrity, and availability of information systems, identity, and data assets. Our goal is to provide proactive security expertise and maintain a resilient and secure infrastructure, while fostering a culture of security awareness and compliance throughout the University.

Information Security Program
Information Security administers the University's Information Security Program and is the go-to resource for guidance on compliance. We work to mitigate cyber security risks through outreach, awareness, assessment, policy, and best practices. We provide a number of critical services, including:
- Monitoring threats and attacks to the University's users and IT infrastructure
- Providing cyber security awareness training
- Leveraging vulnerability management tools and web application scanning
- Managing user accounts and identity management
- Reviewing and building secure access protocols and network architecture
- Providing guidance for the University's data governance process and security policies
Security Apps & Guides
LastPass Password Manager
Policies & Guidance
The Data Classification Policy provides a structured and consistent classification framework for defining the university’s data security levels. It covers all data produced, collected or used by the University of St. Thomas, its employees, student workers, contractors or volunteers while conducting University business.
The Online Privacy Policy applies when you visit the University of St. Thomas website and mobile applications (which we refer to as “sites”), we may collect some information about you and your visit. This policy governs and explains our collection and use of this information.
The Mass Email Policy defines the standards for using the University’s email systems for mass communications.
The Payment Card Policy pertains to all University of St. Thomas departments at all campuses and affiliated locations that accept, process, transmit, and/or handle payment card data on behalf of the University.
The Remote Access Policy defines the standards for connecting to the St. Thomas network from remote devices.
The Responsible Use Policy is a broad document establishing responsibilities and acceptable conduct of users of university computing, networking, telephony, and information resources.
The Workstation Administrator Access Policy protects St. Thomas computing and information assets through the implementation of a university-wide policy on access to administrative rights on campus workstations.