Information and data security are not only a priority for CMCI but also the responsibility of every CMCI and CU community member.

Security incidents are becoming more common and can lead to exorbitant costs for the university, lost productivity for our faculty and staff and lost learning opportunities for our students.

Campus IT Security Compliance

CU and CMCI are subject to a number of laws and regulations that mandate the appropriate protection and handling of information. We have subject matter expertise to help community members navigate how to work while balancing compliance requirements; some of the most common include:

  • : The FTC Safeguards Rule requires CU to ensure the security and confidentiality of certain nonpublic personal information (NPI) collected regarding financial products or services available to community members. 
  • : As a HIPAA hybrid entity, CU must follow the requirements to protect and secure Protected Health Information (PHI).
  • This federal law affords parents and students the right to have access to the student’s education records, seek to have those records amended, and the right to control some disclosure of personally identifiable information from education records. 
  • : This is a process that federal government contractors must adhere to in order to provide goods or services to federal agencies.
  • : Departments that process payment cards have an obligation to protect cardholder information by following an established set of security standards.

What can I do?


If you have questions or would like to schedule a consultation, please contact CMCITechTeam@colorado.edu