{"id":70079,"date":"2026-03-11T14:06:18","date_gmt":"2026-03-11T21:06:18","guid":{"rendered":"https:\/\/policies.wsu.edu\/prf\/?page_id=70079"},"modified":"2026-03-11T14:06:26","modified_gmt":"2026-03-11T21:06:26","slug":"bppm-revision-654","status":"publish","type":"page","link":"https:\/\/policies.wsu.edu\/prf\/bppm-manual-revisions\/bppm-revision-654\/","title":{"rendered":"UPPM Revision 654"},"content":{"rendered":"<div class=\"wsu-row wsu-row--single\" >\r\n    \n<div class=\"wsu-column\"  style=\"\">\r\n\t\n\n<h1>UPPM Revision #654<\/h1>\n<p><strong>March 11, 2026<\/strong><\/p>\n<p>This UPPM revision includes the following policies:<\/p>\n<hr \/>\n<p><b><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-07\/\">87.07<\/a> E-Mail Use and Security<\/b><\/p>\n<div data-olk-copy-source=\"MessageBody\">WSU and each user of WSU email and systems have an obligation to ensure the security, integrity, and accessibility of records sent or received by email, as well as appropriate use of WSU email systems. To fulfill these obligations, this policy:<\/div>\n<div data-olk-copy-source=\"MessageBody\">\u00a0<\/div>\n<ul>\n<li>\n<div role=\"presentation\">Clarifies the duties of all persons utilizing WSU email accounts, with additional duties for those persons conducting official WSU business;<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Sets forth requirements to reduce the risk of unauthorized access or disclosure of WSU institutional data; and<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Helps to ensure that public records are retained and accessible as required by law (see UPPM\u00a0<a id=\"OWAb14ae48b-bb83-42f9-aff3-5f5f60b884e8\" title=\"Original URL: https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-90-01\/. Click or tap if you trust this link.\" href=\"https:\/\/nam12.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fpolicies.wsu.edu%2Fprf%2Findex%2Fmanuals%2Fbusiness-policies-and-procedures-manual%2Fbppm-90-01%2F&amp;data=05%7C02%7Ckenyah.thomas%40wsu.edu%7Cb951f729aaee43822dc808de7e0f036b%7Cb52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C639086800119252185%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=tI6jhNzdCn%2FqBpmB3nJLhZyyIlGOKnZGrHmi2X0T%2BHo%3D&amp;reserved=0\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"3\">90.01<\/a>,\u00a0<a id=\"OWAc662009a-8b04-4a29-b400-a2ef5f74b7a4\" title=\"Original URL: https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-90-03\/. Click or tap if you trust this link.\" href=\"https:\/\/nam12.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fpolicies.wsu.edu%2Fprf%2Findex%2Fmanuals%2Fbusiness-policies-and-procedures-manual%2Fbppm-90-03%2F&amp;data=05%7C02%7Ckenyah.thomas%40wsu.edu%7Cb951f729aaee43822dc808de7e0f036b%7Cb52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C639086800119262503%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=Xr%2Fuhl%2FpLxEc9oZmCd64R3r7Cjq9AXCo%2FeMzgeZo37k%3D&amp;reserved=0\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"4\">90.03<\/a>, and\u00a0<a id=\"OWAf6481a65-de17-9d24-f68e-f7fccd761855\" title=\"Original URL: https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-90-05\/. Click or tap if you trust this link.\" href=\"https:\/\/nam12.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fpolicies.wsu.edu%2Fprf%2Findex%2Fmanuals%2Fbusiness-policies-and-procedures-manual%2Fbppm-90-05%2F&amp;data=05%7C02%7Ckenyah.thomas%40wsu.edu%7Cb951f729aaee43822dc808de7e0f036b%7Cb52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C639086800119275525%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=4Qko6VnfUlJ3J7YTLazXWLoCVEy4SYlfkC8CxWTzJAQ%3D&amp;reserved=0\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"5\">90.05<\/a>).<\/div>\n<\/li>\n<\/ul>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-15\/\">87.15<\/a> Information Security Planning<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Comprehensive information system security planning safeguards WSU data, systems, and information technology resources from evolving threats. This policy sets forth roles, responsibilities, and requirements to ensure robust and thorough system security planning, thereby supporting and advancing the University\u2019s academic, research, and administrative missions.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-17\/\">87.17<\/a> Vulnerability Management<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Establishing uniform requirements for identifying, assessing, and remediating vulnerabilities within WSU\u2019s information systems helps reduce security risks and protects institutional data. This policy supports WSU\u2019s overall information assurance program by defining expectations for vulnerability scanning, reporting, and coordinated remediation efforts across the University.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-20\/\">87.20<\/a> Security Assessment and Authorization<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Evaluating and authorizing information systems through the use of structured, risk based security assessments helps ensure the security of WSU systems and protects WSU systems and data. This policy establishes roles, responsibilities, and requirements for security assessments and reports, testing, monitoring, and security authorization and reauthorization across the University.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-21\/\">87.21<\/a> Security Awareness and Training<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">To support the integrity of WSU\u2019s technology resources, all WSU personnel must have the knowledge and skills to identify, prevent, and respond to potential security risks. Users handling sensitive data are required to have additional training appropriate to their role. The purpose of this policy is to ensure that all users of WSU email, applications, and other computing resources receive adequate training to understand and adhere to best practices in information security.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-25\/\">87.25<\/a> Information Security Risk Assessment<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Regular and systematic assessment for potential threats and vulnerabilities, including identifying, analyzing, and prioritizing risks, protects WSU\u2019s information systems and data. This policy sets forth roles, responsibilities, and requirements for information security risk assessments so that appropriate safeguards can be implemented\u00a0and maintained, thereby strengthening the security of WSU\u2019s IT environment.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-30\/\">87.30<\/a> Configuration Management and Change Management<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Managing configuration and change activities protects the confidentiality, integrity, and availability of WSU institutional data and information systems. By establishing requirements for consistent configuration and change management practices, this policy provides a framework that enables WSU to maintain secure, reliable, and well managed IT environments.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-35\/\">87.35<\/a> Wireless and IoT Security<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Wireless networks provide unique advantages but also pose security and administrative challenges that necessitate a high level of technical coordination and adherence to strict requirements. This policy sets forth the roles, responsibilities, and requirements for ensuring the integrity of WSU\u2019s wireless networks.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-37\/\">87.37<\/a> Cloud Services, System Development, and Supply Chain Management<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Ensuring that third-party systems meet WSU\u2019s security and privacy requirements protects WSU\u2019s IT environment and data. This policy establishes the roles, responsibilities, and requirements for securely acquiring, developing, and managing cloud storage services, information systems, and other components used by WSU.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-50\/\">87.50<\/a> Logging And Monitoring<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Effective logging and monitoring are essential to protecting WSU\u2019s information systems by enabling the timely detection of security events, misuse, and system anomalies. This policy establishes the requirements for logging and monitoring as well as generating, reviewing, and securing audit records to support operational oversight, incident investigation, and regulatory compliance.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-55\/\">87.55<\/a> Information Security Incident Management and Breach Notification<\/strong><\/p>\n<div data-olk-copy-source=\"MessageBody\">WSU is responsible for ensuring the privacy, confidentiality, integrity, and availability of its information systems, services, devices, and data. Establishing a consistent and coordinated approach to handling security incidents helps to minimize unauthorized access, misuse, loss, destruction, theft of information, and disruption of services that can be caused by information security incidents.<\/div>\n<div aria-hidden=\"true\">\u00a0<\/div>\n<div>Information gained and lessons learned during the incident response process may improve future responses to incidents, improve training, and help to build institutional resilience. Proper handling of information security incidents may mitigate potential harm to WSU&#8217;s:<\/div>\n<div aria-hidden=\"true\">\u00a0<\/div>\n<ul>\n<li>\n<div role=\"presentation\">Strategic plan and business objectives; and<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">Financial operations, brand, and reputation.<\/div>\n<\/li>\n<\/ul>\n<div>This policy provides a WSU-wide framework to help facilitate the development and implementation of consistent and coordinated procedures for reporting and responding to information security incidents across the WSU system.<\/div>\n<div>\u00a0<\/div>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-70\/\">87.70<\/a> Business Continuity and Disaster Recovery<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Business continuity and disaster recovery planning is a critical part of ensuring the security and reliability of WSU\u2019s information systems, as well as the protection of WSU data and information. This policy sets forth roles, responsibilities, and requirements for developing, maintaining, and testing contingency plans.<\/span><\/p>\n<p><strong><a href=\"https:\/\/policies.wsu.edu\/prf\/index\/manuals\/business-policies-and-procedures-manual\/bppm-87-75\/\">87.75<\/a> Data Retention Backup and Archive<\/strong><\/p>\n<p><span data-olk-copy-source=\"MessageBody\">Protecting the confidentiality, integrity, and availability of WSU data and information requires robust data management and backup in accordance with all applicable laws, policies, and standards. This policy sets forth the roles, responsibilities, and requirements for creating and maintaining backup and archived system data.<\/span><\/p>\n\n<\/div>\r\n\n<\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":49281,"featured_media":0,"parent":21116,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"wsuwp_university_location":[],"wsuwp_university_org":[],"_links":{"self":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/70079"}],"collection":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/users\/49281"}],"replies":[{"embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/comments?post=70079"}],"version-history":[{"count":5,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/70079\/revisions"}],"predecessor-version":[{"id":70144,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/70079\/revisions\/70144"}],"up":[{"embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/pages\/21116"}],"wp:attachment":[{"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/media?parent=70079"}],"wp:term":[{"taxonomy":"wsuwp_university_location","embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/wsuwp_university_location?post=70079"},{"taxonomy":"wsuwp_university_org","embeddable":true,"href":"https:\/\/policies.wsu.edu\/prf\/wp-json\/wp\/v2\/wsuwp_university_org?post=70079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}