Office of Information Security Logo
about UMS link buttonPolicies and Practices Link ButtonTraining and Services Link ButtonResources and Information Link ButtonContact Us Link Button
Policy and Practices Logo
Policy and Standards logo

The University of Maine System's Security Policy was approved in 2011 by the Board of Trustees.  Its objective is to dictate the appropriate use and protection of UMS information assets and to specify the requirements for protecting these assets.

Policy and Standards

The following link will open the Policy and Standards


in PDF format for viewing or printing capabilities.


Information Security Standards (PDF)

Acceptable Use Policy (PDF)

[extracted from the Information Security Policy & Standards]

Information Classification

UMS Information shall be classified by the information owner into one

of the following threecategories:

Compliant Data - Information which has specified requirements for the control of confidentiality, availability, or integrity of the data due to statute or contract or other law or agreement. Compliant data is information which requires special protection because the misuse could harm members of the UMS community or compromise the mission of the System and/or any one of the Universities. Compliant data includes, but is not limited to, personally-identifiable information, confidential research information, and information that requires protection under law or agreement such as the Maine Data Act, FERPA (the Family Educational Rights and Privacy Act), GLBA (the Gramm-Leach Bliley Act), HIPAA (the Health Insurance Portability and Accountability Act), FTC “Red Flag Rule”, -by the PCI (Payment Card Industry) data security standards, and data placed on legal hold in accordance with e-discovery.

Examples of Compliant Data include:

- financial records

- health records

- student educational records

- any information which could permit a person to attempt to assume the identity of an individual.

Business Sensitive – Information that is not the subject of statutory or contractual controls, but where the compromise of the confidentiality, integrity, or availability of the information would result in damage or loss to UMS.

Examples of Business Sensitive Data include:

- Information System Configuration Files

- Contract Information

- Donor Information

Unclassified – Information that does not fall into either of the above categories.

16 Central Street Bangor, Maine 04401
Telephone: (207) 973-3201 | Fax: (207) 973-3296
Express Message: (207) 973-3399 | TTY Phone (24 Hours)(207) 973-3262