Standard for Compliance with Legal and Contractual Requirements

I. Purpose

The purpose of this standard is to establish the university’s obligation to ensure compliance with all relevant statutory, regulatory, and contractual requirements in order to avoid breaches related to information security.

II. Scope

It is the responsibility of university executives and department heads to identify all legislation applicable to their organization and to put the appropriate guidelines and procedures in place to meet the compliance requirements.

III. Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@uncc.edu.

IV. Standard

All relevant statutory, regulatory, and contractual requirements and the university’s approach to meet these requirements should be explicitly identified, documented and kept up to date. The specific controls and individual responsibilities to meet these requirements should also be defined and documented.

Related Resources

• University Policy 311 Information Security
• University Policy 311.2 GLBA Information Security
• University Policy 311.6 Regulation on Security of Electronic Individually Identifiable Health Care Information under HIPAA
• University Policy 311.7 Regulations on Information Systems Security
• University Policy 311.8 Regulations on the Use of Social Security Numbers
• University Policy 311.9 Regulation Regarding Third Party Data Subject to Contractual Access Restrictions
• Payment (Credit/Debit) Card Processing Standard
• ISO/IEC 27002

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee 11/06/14
Updated 12/02/21