The primary purpose of this Security Policy is to establish rules to insure the protection of confidential and/or sensitive information stored or transmitted electronically and to ensure protection of the University's information technology resources. The policy assigns responsibility and provides guidelines to protect the University's systems and data against misuse and/or loss.

This Security Policy applies to all users of computer systems, centrally managed computer systems, or computers that are authorized to connect to the University's data network. The policy applies to users of information services operated or administered by the University. Individuals working for institutions affiliated with Tufts University are subject to these same definitions and rules when they are using Tufts University information technology resources.

This Security Policy applies to all aspects of information technology resource security including, but not limited to, accidental or unauthorized destruction, disclosure or modification of hardware, software, networks and/or data.

Finally, this Security Policy represents minimum information technology resources security requirements. Schools and departments may, at their discretion, and with the approval of the appropriate committees and University Counsel, establish additional policies and standards governing security. If the provisions of this Security Policy are in conflict with school or departmental security policies and standards, the provisions of this Security Policy shall prevail.