Author: Brandon Murray

Multi-Factor Authentication (MFA) Policy

Posted on March 29, 2023March 17, 2026 by Brandon Murray

Title:	Multi-Factor Authentication (MFA) Policy
Policy Owner:	Information Technology Services / Chief Information Security Officer
Applies to:	All Workforce Members, Students
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	March 4, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	UConn Information Security Office
Contact Information:	techsupport@uconn.edu or security@uconn.edu
Official Website:	https://security.uconn.edu/

PURPOSE

To help prevent unauthorized access to University information systems.

DEFINITIONS

Hardware Token: A small hardware device that serves as a second authentication mechanism either in place of or in addition to the an MFA mobile app.

University Information System: Devices and/or components managed or contracted by the University for collecting, storing, and processing data and for providing information, knowledge, and/or digital products. For purposes of this policy, information technology devices and components managed exclusively by UConn Health are not considered University Information Systems.

Multi-Factor Authentication (MFA): MFA is a method of system access control in which a user is granted access only after successfully providing at least two pieces of authentication, usually including knowledge (something the user knows such as a password), possession (something the user has such as a token generator), or inherence (something the user is such as the use of biometrics).

POLICY STATEMENT

Users of University Information Systems must adhere to Multi-Factor Authentication (MFA) requirements, where available, to ensure authorized access to University Information Systems and protected or confidential data.

University Information Systems must include effective MFA protections for authentication unless granted an exception from this policy by the Information Security Office (ISO). The Information Security Office (ISO) may mandate implementation of MFA for any University Information System.

The Information Security Office is authorized to publish and maintain any necessary standards, procedures, and guidelines to effectuate and enforce this policy.

MULTI-FACTOR AUTHENTICATION PROCEDURES

User Requirements

Users must maintain a device that can receive MFA authentication requests in a secure manner via a University approved mobile app or another mechanism, such as SMS, phone, or Hardware Token.
When an attempt is made to access a MFA protected system or application, the system will challenge the user by requesting a second factor of authentication which may include an acknowledgement of a push notification via a University approved MFA mobile app, a code via SMS, or a Hardware Token.
If users receive an MFA notification when not conducting a recent authentication, the authentication shall be denied and immediately reported to the Technology Support Center. Users shall update their NetID password, or credential associated with the authentication, if they reasonably believe their password is compromised.
Users may not approve MFA requests for another user’s account or register a device for MFA which is not within their individual control.

Frequency or Type of User Challenges

The frequency with which a user may be challenged, or the type of challenge depends both on policy and use.

Policy based – depending on information being accessed, more frequent authentications may be required.
Usage based – While user challenges may be “remembered” for a period of time, use of other hardware, browsers, or other behaviors may trigger additional verification using a second factor.

Lost or Stolen Devices

If a user’s registered multi-factor device is lost, stolen, or the user has reason to suspect their UConn NetID has been compromised, the user must contact the Technology Support Center immediately. As a precaution, they should change their NetID password at netid.uconn.edu.

Off-Hours and Emergency Access to Systems and Applications

UConn Information Technology Services will maintain internal procedures for processing emergency access requests if issues arise with the multi-factor authentication process. Users should contact the Technology Support Center for additional information.

Use of Automated Systems

Automated systems that intend to interfere with the approval component of multi-factor authentication are hereby prohibited.

ENFORCEMENT

Users may not attempt to circumvent login procedures, including multi-factor authentication, on any computer system or otherwise attempt to gain unauthorized access. Attempts to circumvent login procedures may subject individuals to disciplinary action. Financial losses incurred due to the use of multi-factor circumvention techniques are the responsibility of the user, and the University may seek financial restitution from users who violate this policy.

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

EXCEPTIONS

ITS will review and document any requests for exceptions to this standard. ITS will also have available solutions for the intermittent failure of various second factors, which may include the allowance of temporary access codes upon verification of an individual’s identity.

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

POLICY HISTORY

Policy created: March 29, 2023 (Approved by Senior Policy Council)

Revisions: March 4, 2026 (Approved by the Senior Policy Council and President)

Endpoint Device Security Policy, Information Technology

Posted on August 30, 2021March 17, 2026 by Brandon Murray

Title:	Endpoint Device Security Policy, Information Technology
Policy Owner:	Information Technology Services / Chief Information Security Officer
Applies to:	All faculty, staff, student employees, affiliates, and volunteers
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	March 4, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	UConn Information Security Office
Contact Information:	techsupport@uconn.edu or security@uconn.edu
Official Website:	https://security.uconn.edu

BACKGROUND

Endpoints are important tools for the University, and their use is supported to advance the mission of the university. Endpoints also represent a significant risk to information and data security. If appropriate security measures and procedures are not applied, endpoints can serve as a conduit for unauthorized access to University data and IT resources that can subsequently lead to data leakage and a path for compromise of other systems.

PURPOSE

To ensure data and information systems security by establishing requirements for endpoint devices.

APPLIES TO

This policy applies to all University faculty, staff, student employees, and volunteers who use endpoint devices to access any non-public IT resources owned or managed by the University.

DEFINITIONS

IT Resources: Includes systems and equipment, software, and networks. Systems and equipment include but are not limited to computers, hard drives, printers, scanners, video and audio recorders, cameras, photocopiers, and other related devices. Software includes but is not limited to computer software, including open-source and purchased software, and all cloud-based software, including infrastructure-based cloud computing and software as a service. Networks include but are not limited to all voice, video, and data systems, including both wired and wireless network access across the institution.

Endpoint: Physical device that connects to and exchanges information with a computer or telecommunications network, often acting as the interface between a human user and the network, including but not limited to, desktops, laptops, tablet computers, and smartphones. Endpoints do not host services for other endpoints.

Confidential Data: Institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies.

POLICY STATEMENT

University of Connecticut faculty, staff, student employees, affiliates, and volunteers who use endpoints, whether University-owned, externally owned, or personally owned, are responsible for any institutional data that is stored, processed, and/or transmitted via an, endpoint, mobile, or remote device and for following the security requirements set forth in this policy.

To adequately protect the data and information systems of the University, all individuals covered under this policy are expected to meet the following requirements:

Endpoint Security Requirements

Configure the device to require a password meeting the requirements set forth in the University Password Standard (https://security.uconn.edu/password-standards/), biometric identifier, PIN (minimum of 6 characters), or swipe gesture (minimum of 6 swipes) to be entered before access to the device is granted. Device must automatically lock and require one of the authentication methods after no more than 15 minutes of idle time.
Keep devices on currently supported versions of the operating system and remain current with all published operating system and software patches.
Enable and appropriately secure the device’s remote wipe feature to permit a lost or stolen device to be securely erased.
Securely store the device when not in use to minimize loss via theft or accidental misplacement.
Ensure internal hardware and external peripherals, including but not limited to USB devices, external storage, scanners, input devices, and displays, are manufacturer supported and compatible with the installed operating systems and other installed software.

Except when being actively used, confidential information on endpoint devices must at all times be encrypted through a mechanism approved by the University. Whole drive or whole device encryption may be deployed to meet this requirement.

Endpoints must have software enabled and running to identify, protect, and respond to any threats to the data or operating systems of the devices. University owned endpoints must be enrolled in the university-supported endpoint detection and response (EDR) platform.
University owned endpoints must have Mobile Device Management software installed and enabled to facilitate device protection, including remote wipe and, if possible, device location technology for recovery. Personal devices should be configured to enable these features where possible.

Wherever practical, elements of these requirements will be enforced via centrally administered technology controls.University owned devices that are unable to meet these requirements must go through a security assessment prior to their use.

STORAGE OF CONFIDENTIAL DATA

In general, Confidential Data should not be stored on endpoints. However, in certain instances and depending on job responsibilities, this may be unavoidable. In these instances, Confidential Data must be stored ONLY on university-owned devices configured in compliance with this policy.

DEVICE DECOMMISSION OR SEPARATION FROM THE UNIVERSITY

When endpoints, including personally owned devices that may have had access to University resources or data, are no longer used, and sold, donated, given, placed in the control of or otherwise transferred to anyone else, the device owner is responsible for ensuring that any University information is securely deleted from the device, including University-related e-mails/accounts, user ID and password, or other cached credentials used to access University systems.

In the event of separation from the University, it is the employee’s responsibility to delete any University-related e-mail accounts or University licensed software that may have been installed on personal endpoints, devices, or computers.

EXCEPTIONS

In certain instances, there may be a justifiable business need to operate a device that is not in compliance with this policy. In these instances, users must work with the Information Security Office to request evaluation of an exception to this policy. Exceptions are reviewed on a case-by-case basis and are approved at the discretion of the Chief Information Security Officer based on justifiable business need and assessed risk. Exceptions must be reviewed and approved prior to implementation of any solution that does not fully comply with this policy.

ENFORCEMENT

Office of University Compliance – https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

REFERENCES

Data Classification Policy

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions: March 4, 2026 (Approved by the Senior Policy Council and President)

System and Application Security Policy

Posted on August 30, 2021March 17, 2026 by Brandon Murray

Title:	System and Application Security Policy
Policy Owner:	Information Technology Services / Chief Information Security Officer
Applies to:	University Workforce Members
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	March 4, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	UConn Information Security Office
Contact Information:	techsupport@uconn.edu or security@uconn.edu
Official Website:	https://security.uconn.edu

PURPOSE

To ensure the security of university data and systems by establishing requirements for the proper maintenance and oversight of systems and applications used by university constituents.

APPLIES TO

This policy applies to all workforce members responsible for operating or overseeing any University system or application, whether on premise or in the cloud.

DEFINITIONS

Academic / Research System: A system whose primary responsibility relates to individual academic work or research.

Administrative System: Any system that is used in support of the operation of the university excluding individual Academic / Research Systems.

ISO: Information Security Office

ITS: Information Technology Services

IT Professional: An individual (staff) who is trained and skilled in using technology to solve business problems coupled with assigned job duties in support of technology at the university. This must be a defined responsibility within the position job description and may not fall under “other duties as assigned.” Appropriate training, support, and budget must also be available in support of the IT Professional role.

Local Network: Network of computers and devices logically located on the same subnet.

Software as a Service (SaaS): Cloud-based service that is delivered via the web based on either a monthly or annual subscription.

Platform as a Service (PaaS): Cloud-based service that provides a platform allowing for the development of software using an established framework to improve development time and management of cloud services.

Personally Identifiable Information (PII): Information that either singularly or in conjunction with other data elements could reasonably lead to the identification of specific individuals.

System Owner: The individual – such as a faculty member, department head, manager, or other employee – who is responsible for the planning and operation of the service. All systems must have a designated system owner.

Vendor Risk Management (VRM): The process of identifying, assessing, and mitigating risks associated with third-party suppliers and service providers. It ensures that vendors meet security, compliance, and operational standards before and during their engagement with the University.

POLICY STATEMENT

The proper management, maintenance, and support of systems and applications is critical to protecting the data they store or process from a confidentiality, integrity, and availability perspective.

System Ownership

All systems, including cloud-based systems, supporting any aspect of the University must have an identified owner and responsible party for ensuring the implementation and operation of the controls specified in this policy.

All software and services used to process University information are subject to an Information Security review and sign off prior to their purchase or development. Information security reviews will evaluate specific risks and controls available and necessary based on the information being processed. The System Owner will be responsible for the deployment of the agreed upon security controls prior to enabling the production capability of the system or application. Maintaining security best practices is an ongoing and evolving responsibility; the System Owner shall implement additional security controls consistent with best practice, regulatory requirements, or as directed by the Information Security Office during the lifecycle of the system, server, software, or service.

System Access

Access to information in the possession of or under the control of the University must be provided on a need-to-know basis. Information must be disclosed only to individuals who have a legitimate and approved need for the information. Access to functionality shall be configured on the basis of least privilege and granted only where approved for a legitimate business purpose.

Systems and applications shall employ best practices for authentication and authorization. System Owners are responsible for maintaining documentation of their system access controls. The use of University Single Sign On (SSO) is required unless impractical or impossible.

Information may only be used for its intended purpose, and other uses of University information without the approval of the data owner is prohibited.

System access shall be reviewed and altered (if applicable) as soon as possible when a relevant change in an individual’s status occurs, including but not limited to, change of role, transfer, promotion, termination, or separation.

When an individual requires continued access to an existing system following a change of status, any access that is no longer required must be removed.

Any shared/service accounts, encryption keys, or shared secrets that the individual had access to must have their passwords or private keys rotated following the status change unless the System Owner determines that continued access is required.

User Management

Information Technology Services (ITS) provides a centralized user identity and access management platform (IAM) that supports identity validation and access management using a NetID and password. UConn NetID provides for single sign on (SSO) across multiple systems. Systems and applications that rely on the University IAM platform to authenticate individuals may rely on UConn NetID for user management. System Owners are always responsible for assigning and managing roles within the system or application.

Owners of systems and applications that cannot use the central IAM solution shall develop a formal, written plan which, at minimum, defines or identifies the following:

The individual(s) responsible for creating, modifying, and deleting user accounts.
Process and responsibility for regularly reviewing system access. System access reviews must be performed when configured users separate from the University, and not less than annually.
Password/multi-factor authentication requirements and reset procedures. Multi-factor authentication is required for all systems.
Process for validating a person’s identity when password or multifactor reset or account changes are requested.

The authentication management plans and any plan revisions must be submitted to the Information Security Office for review and approval.

Software Maintenance

Only necessary software should be loaded on systems, and old versions of software removed. The use of web browsers and other individual productivity tools should be limited to the management of the system only.

Patching, Maintenance, and Vulnerability Management

System Owners must ensure the timely implementation of patches and required maintenance in accordance with the University’s vulnerability management standards and vendor provided guidance in order to provide for the confidentiality, integrity, and availability of the systems or data. Maintenance is considered required when the change is necessary to remediate a vulnerability, maintain the availability of a system, or align with updated industry best practices. The ongoing maintenance of systems and applications, including software and configuration maintenance, must be minimally scheduled on a quarterly basis. This includes on-premises, vendor-hosted, and cloud-hosted applications. It is the UConn System Owner’s responsibility to ensure that systems under their control remain in compliance with this policy, even when the system is managed or hosted externally.

System and Application Lifecycle Management

System Owners are responsible for the planning of and budgeting for system maintenance and obsolescence. Any system or application that is no longer supported by the vendor or is replaced by newer technology should be decommissioned as soon as possible. The decommissioning process must include the proper retirement of any physical hardware or virtual images and the proper destruction of any media (e.g., hard drives, tapes, etc.) that may have data. Cloud services that are decommissioned should ensure the proper handling of any data (return and/or destruction) in the cloud vendor’s possession as part of the contract cancellation.

Software as a Service (SaaS) / Platform as a Service (PaaS)

Patching and maintenance of cloud-based SaaS and PaaS systems is typically handled by the contracted vendor. System Owners are responsible for proper security configurations and user management associated with providing the service. A Vendor Risk Management review is necessary for all newly procured cloud-based services.

Infrastructure as a Service (IASS)

IaaS provides a significant amount of flexibility in the configuration and use of the platform. This requires specific expertise and management by an IT Professional. Where applicable, IaaS solutions must meet the same requirements as Administrative Systems.

Administrative System and Application Security

Administrative systems, due to their complexity, must be managed by an IT Professional. System Owners are responsible for ensuring they have the administrative and technical resource capacity to support this requirement.

Administrative Systems will be required to adhere to all regulatory requirements and meet security controls and standards as set forth by the Information Security Office based on institutional requirements.

Encryption

All systems housing administrative data shall be configured to provide encryption for all data in transit and all data at rest. Where possible, the encryption keys necessary to decrypt the data should reside outside of the system and/or application.

Auditing of Systems and Application Logs

System and application logs shall be reviewed for inappropriate access on a regular basis (at least monthly) or via automated systems capable of detecting misuse through the analysis of frequent password failures, geographic anomalies, or inappropriate access attempts. ITS maintains a centralized logging and reporting platform, which can assist in the analysis of large amounts of data often associated with system and application logs. All Administrative Systems (regardless of hosting platform) and all centrally hosted systems must be configured to log both application and security events to the centralized logging and reporting platform.

Mandatory Reporting

All suspected policy violations, system intrusions, and other conditions that might jeopardize University information or information systems must be immediately reported to the Information Security Office.

EXCEPTION MANAGEMENT

The Information Security Office shall maintain a risk-based exception management program and shall review and document any requests for exceptions to this policy. The Information Security Office shall, in its sole discretion, approve or deny requested exceptions and may require mitigating controls for any approved exception.

System and application owners shall contact the Information Security Office to initiate the exception review process when it is not possible to comply with this policy.

ENFORCEMENT

Systems and applications found to be non-compliant with this policy may be administratively shut down or have their access restricted. Systems maintained at the departmental or individual level may incur costs in association with enabling the proper protections or in the event of data exposure.

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance – https://compliance.uconn.edu (860-486-2530) or UConn Reportline (1-888-685-2637)

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions:
August 30, 2023 (Approved by the Senior Policy Council and the President)
March 4, 2026 (Approved by the Senior Policy Council and President)

Firewall Policy

Posted on August 30, 2021March 10, 2026 by Brandon Murray

Title:	Firewall Policy
Policy Owner:	Information Technology Services / Chief Information Security Officer
Applies to:	All students, faculty, and staff responsible for configuring firewalls
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	February 20, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	UConn Information Security Office
Contact Information:	techsupport@uconn.edu or security@uconn.edu
Official Website:	https://security.uconn.edu

PURPOSE

To ensure a common set of firewall configurations across the organization to maximize their protection and detection capabilities in support of the University’s information security. Firewalls provide a valuable protection and detection capability for the organization when properly configured, managed, and monitored.

APPLIES TO

This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have responsibility for controlling or configuring firewalls.

DEFINITIONS

EOL: End of Life

EOS: End of Support

IANA: Internet Assigned Numbers Authority

POLICY STATEMENT

The University operates in a highly flexible and adaptive security environment to meet its academic, research, and administrative missions. While the ability to adapt to meet the ever-changing needs of the University is important, oversight and reporting of firewall activities are critical to the successful protection and operation of the University environment. The following firewall requirements must be satisfied:

Firewall Configuration Standards

All firewalls must be properly maintained from a hardware and software perspective. This includes proper lifecycle planning for EOL and EOS software/hardware and regular review (at least annually) of firewall rulesets.
All dedicated firewalls used in production must follow the University firewall management standard, which includes the ability to review currently configured firewall rules across the organization, identification of shadow or redundant rules and rules in conflict, and standardization of device/object names.
Firewall rulesets and configurations must be backed up frequently to alternate storage (not on the same device). Multiple generations must be captured and retained in order to preserve the integrity of the data, should restoration be required. Access to rulesets, configurations and backup media must be restricted to those responsible for administration and review.

Firewall Rules

Firewall rules specify (either allow or deny) the flow of traffic through the firewall device. Firewall rules are typically written based on a source object (IP address/range, DNS Name, or group), destination object (IP address/range, DNS Name, or group), Port/Protocol and action.

All firewall implementations should adopt the principal of “least privilege” and deny all inbound traffic by default. The ruleset should be opened incrementally to only allow permissible traffic.
Outbound traffic should be enumerated for data stores, applications, or services
Overtly broad rules may be allowed for specific groups of individuals (not systems). Approval must be granted by the Chief Information Security Officer or their designee.
The use of overly permissive firewall rules is prohibited (i.e., ANY/ANY/ALL rules).
Protocols defined in services and in the firewall must utilize Service Name and Protocol/Port information as assigned by IANA, unless there is a technical reason to do otherwise other than “security through obscurity” and must be commented appropriately in the ruleset.

Firewall Logging

Firewall log integrity is paramount to understanding potential threats to the network. Firewall devices must log the following data to a system outside of the physical firewall itself and must be regularly reviewed at least monthly or programmatically through automated means. Firewall logs may be forwarded to the ISO SIEM for retention and analysis.

The following items must be logged as part of the operation of the firewall:

All changes to firewall configuration parameters, enabled services, and permitted connectivity
Any suspicious activity that might be an indicator of either unauthorized usage or an attempt to compromise security measures

ENFORCEMENT

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance – https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

REFERENCES

Internet Assigned Numbers Authority

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions: February 20, 2026 (Approved by the Senior Policy Council)

The Provost’s Professional Internship Program for Public Outreach, Service, and Engagement

Posted on October 30, 2013August 7, 2017 by Brandon Murray

Title:	The Provost’s Professional Internship Program for Public Outreach, Service, and Engagement
Policy Owner:	The Graduate School
Applies to:	Graduate Students
Campus Applicability:
Effective Date:	January 9, 2013
For More Information, Contact	Office of the Vice Provost for Graduate Education and Dean
Contact Information:	860-486-3617
Official Website:	http://grad.uconn.edu/

Graduate students are often supported by a graduate assistantship awarded for performing research or teaching functions at the University. The University covers tuition expenses for those students. In addition, the University may cover tuition expenses of students who are funded by a grant that does not cover the cost of the student’s tuition.

The University recognizes the value of supporting graduate student professional development activities that extend beyond on-campus research and teaching. The Provost may determine that the University will cover tuition expenses for graduate students engaged in other activities directly related to the University’s mission and directly aligned to a student’s academic program of study. The circumstances under which the University will cover tuition expenses and provide a health insurance subsidy for such students are very limited and based on compelling evidence that the activity supports important academic objectives, such as professional internships required as an integral component of a graduate educational program. The Provost will evaluate such activities on a case-by-case basis using the following criteria:

The substantive focus of the graduate internship must serve a clear public service, public outreach, or engagement purpose.
The graduate internship’s objectives must support the academic mission of the University and align directly with the goals of the University’s Academic Plan.
The graduate internship must be established as a required component of the academic program in which the participating students are enrolled.
It must be demonstrated that the viability of the internship program is threatened if tuition is not covered.
The graduate internship must be credit-bearing, be directed by an instructor of record, and must require students to produce an academic work product.
The paid internship experience for the student must include compensation equivalent to or higher than that of a Level I graduate assistant for the academic year.
The graduate student interns must be placed in a sponsoring organization that provides at least partial support for the graduate student, including paying the student’s stipend and benefits.
The graduate students participating in the internship must serve their internships in public or nonprofit organizations with a clear public service mission.
The term of tuition coverage associated with a graduate internship will not exceed four semesters per student.
The graduate students participating in the internship must be in good academic standing.

For student tuition to be covered and for a health insurance subsidy to be provided by the University under this program, the Dean of the School or College that houses the internship program must present appropriate justification to the Provost.

The academic programs currently included in this program are available here.

Relocation and Moving Policy

Posted on August 7, 2013February 17, 2026 by Brandon Murray

Title:	Relocation and Moving Policy
Policy Owner:	Office of the Provost and Human Resources
Applies to:	Designated Full-time Faculty, Athletics, Librarians, Management Exempt, and Management Exempt positions with faculty titles
Campus Applicability:	All Campuses except UConn Health
Effective Date:	February 25, 2021
For More Information, Contact	Office of the Provost or Human Resources
Contact Information:	Provost@uconn.edu / HR@uconn.edu
Official Website:	http://www.policy.uconn.edu

REASON FOR POLICY

The University recognizes the competitive nature of the hiring process and therefore grants the flexibility to reimburse or pay for actual relocation expenses for designated full-time faculty, athletics, management-exempt administrators.

POLICY STATEMENT

The relocation policy and procedures establishes the nature of expenses that can be direct billed or reimbursed from the University, limits on these expenses, and a timeframe of when these expenses can occur.

POLICY

In the offer of employment, the University may include an offer to reimburse and/or provide direct payment for allowable moving expenses required for relocation up to the amount specified in the table set forth in paragraph 15 herein.
All reimbursement or direct payments for relocation expenses are includable in the employee’s taxable wages.
Designated faculty includes tenured and tenure-track faculty, management-exempt employees with a base faculty appointment, in-residence faculty, clinical faculty, extension faculty, and librarians.
Direct billing cannot be used for moves that occur during November or December.
The hiring process includes three phases: interview, offer and acceptance, and move. The final phase, the move, begins the date of the final one-way trip of the selected candidate and their family to their new residence. The move phase ends upon the day of arrival. Only expenses incurred in connection with the move phase are covered by this policy. Common relocation expenses include (where relevant, this covers the employee and one immediate family member, defined as spouse or child):
- Transportation of household goods
- Airfare, in accordance with the University Travel Policy
- Car rental (through the day of arrival), or mileage at the standard IRS medical/moving mileage rate, in accordance with the University Travel Policy
- Lodging (only during the one-way trip of the move phase, ending on the day of arrival), in accordance with the University Travel Policy
- Meals during travel (excluding alcohol), in accordance with the University Travel Policy
- Shipping of car
- Storage of household goods after arrival; not to exceed 30 consecutive days after date goods are moved from the former residence
Employees will be reimbursed for the shortest, most direct route available. Travel incurred for side trips or vacations en route, etc. may proportionally reduce the amount of moving expenses an employee is eligible to receive.
The following types of non-business expenses, included but not limited to, will not be paid or reimbursed as part of relocation expenses:
- Entertainment
- Side trips, sightseeing
- Violations (parking tickets, moving violations, )
- Return trips to former residence
- Expenses related to former residence
- General repairs or maintenance of vehicle resulting from self-move
- Temporary accommodation in the new location beyond the day of arrival
Individuals should refer to the Reimbursement of Recruitment Expenses Policy for guidance regarding appropriate payment or reimbursement of expenses related to the “interview” and “offer and acceptance” phases. Relocation payments are not intended to cover any travel expenses incurred during these two earlier phases.
The cost associated with the relocation of a laboratory, professional library, scholarly collection and/or equipment (scientific, musical, etc.) are excluded from this policy as they are not considered household goods or personal effects. If relevant for business purposes, costs associated with moving such materials should be negotiated separately.
This policy applies to new employees whose move exceeds 50 miles and who are moving to within 35 miles of the primary campus at which they will be working. Exceptions to this rule may be made by a Dean, the Director of Athletics, or by the appropriate EVP if a) they think that a move is reasonable given the commuting distance that the new employee would be facing, or b) the new residence of the employee will be close enough to the primary campus at which they will be working so that they will reasonably be able to relocate there and perform their duties.
Relocation expenses will only be covered by this policy if they occur within 12 months of the new start date of an employee.
If employment with the University ends in a voluntary separation prior to working at least thirty-nine (39) weeks on a full-time basis in the first twelve months after starting employment, the employee must reimburse the University the full amount of relocation expenses paid by the University.
Exceptions to extend applicability beyond these employees require a business justification and must be explicitly approved by the Director of Athletics, EVP, or President as appropriate.
The President will recommend an amount for reimbursement and/or direct payment for the Executive Vice Presidents/Provost to the Board. The Chairman of the Board will recommend an amount for reimbursement and/or direct payment for the President to the Board.
The formula for determining the amount to be reimbursed is based on the distance of the move. This figure represents the maximum reimbursement allowed. The allowance for a move constitutes the maximum commitment for reimbursement of University and/or Foundation funds, rather than an entitlement of the employee. The figure is also the maximum amount the University will pay when the direct bill option is selected. The formula is calculated according to the distance of the move, as follows:

Mileage	Reimbursement of expenses up to:
≤ 1,000 miles	$2,000
≤ 1,500 miles	$2,500
≤ 2,000 miles	$3,000
≤ 2,500 miles	$3,500
≤ 3,000 miles	$4,000

It may be the case that the competitive hiring practices of a specific field require exceptions to this policy. Exceptions that involve costs of up to 200% of the standard formula may be approved by the Dean, Director of Athletics, or EVP as appropriate. Exceptions above 200% of the standard formula or involving other requirements of the policy will require documentation of the business justification for the requested exception and these require approval by the EVP or President as appropriate.

PROCEDURES

Relocation and Moving Procedures are located here. Upon acceptance, the University’s contracted relocation services provider, Signature Relocation, will contact the employee directly to assist the employee with their relocation.

ENFORCEMENT

Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, or other applicable University Policies.

RELATED POLICIES

Reimbursement of Recruitment Expenses, Policy on

POLICY HISTORY

Policy Created: 07/01/2003 (Reimbursement of Recruitment and Moving Expenses Policy approved by Board of Trustees)

Revisions:

08/07/2013 (Reimbursement of Moving Expenses Policy and Procedures approved by Board of Trustees)

11/21/2014 (Procedural revisions to Reimbursement of Moving Expenses Policy and Procedures)

02/24/2021 (Relocation and Moving Policy approved by Board of Trustees)

Missing Student Policy

Posted on September 5, 2012September 28, 2021 by Brandon Murray

Title:	Missing Student Policy
Policy Owner:	UConn Police Department
Applies to:	Faculty, Staff, Students
Campus Applicability:	Storrs
Effective Date:	August 18, 2016
For More Information, Contact	Deputy Chief Maggie Silver
Contact Information:	860-486-4800
Official Website:	http://www.police.uconn.edu/

If a member of the university community has reason to believe that a student is missing, whether or not the student resides on campus, all possible efforts will be made to locate the student to determine his or her state of health and well-being through the collaboration of UConn Police, Dean of Students Office, Residential Life staff, and local law enforcement.

At the beginning of each year or upon matriculation, all students are given the opportunity to identify an individual to be contacted by the University in case of emergency.

This contact information is subject to the University’s FERPA Policy. (See: http://policy.uconn.edu/?p=368).

In addition, consistent with Clery Act requirements, all students living in on-campus housing are also given the option each year, or upon moving into on-campus housing, to designate a confidential contact for use in case the student is reported missing. Although the same contact may be provided for both purposes, by law the missing student contact is distinct from the general emergency contact provided by all students, and is held to a higher standard of confidentiality than the general emergency contact. It will be accessible only to authorized University personnel, and disclosed only to law enforcement personnel in furtherance of an investigation. To help ensure timely and complete notification and investigation of all missing student situations, confidential missing student contact should be provided or updated at: https://student.studentadmin.uconn.edu/psp/CSPR/EMPLOYEE/HRMS/c/CC_PORTFOLIO.SS_CC_EMERG_CNTCT.GBL.

If a member of the university community has reason to believe that any student is missing they should immediately contact UConn Police at 860-486-4800.

In missing persons cases, time is of the essence. Hence, we urge the community to contact UConn Police immediately upon suspicion that an individual is missing. The UConn Police Department is committed to begin an investigation upon the first report.

The UConn Police department will initiate formal investigation or contact the appropriate law enforcement agency.

UConn Police will communicate and collaborate as appropriate with one or both of the following departments:

Dean of Students Office at (860) 486-3426
Residential Life Staff at (860) 486-9000

Within 24 hours of the determination that a residential student is a missing person, UConn Police will:

Notify the local law enforcement agency with jurisdiction, if other than UConn Police;
Notify the student’s designated missing person contact;
If the student is under the age of 18 years and is not emancipated, notify the student’s custodial parent or guardian

However, if the student is under 18 and is not an emancipated individual, UConn Police will notify the student parent or guardian as well as any other designated missing person contact.

Parking and Vehicle Policy

Posted on August 21, 2012February 17, 2026 by Brandon Murray

Title:	Parking and Vehicle Policy
Policy Owner:	Facilities Operations – Logistics
Applies to:	Workforce Members, Students, Visitors
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	May 29, 2025
Effective Date:	May 29, 2025
For More Information, Contact	Parking Services
Contact Information:	parkingservices@uconn.edu
Official Website:	https://park.uconn.edu/

BACKGROUND

The University of Connecticut (“UConn”) is authorized by state law^[1] to promulgate rules and regulations concerning the parking and operation of all Motor Vehicles on UConn campuses, which include its Main Campus (Storrs), its Law School (Hartford), and each of its Regional Campuses.

Facilities Operations has overall supervisory responsibility for parking and Motor Vehicle operations at UConn Storrs, UConn Law School, and Regional Campuses. UConn Parking Services, a subdivision of Logistics, is designated to enforce these rules and regulations.

PURPOSE

To establish a framework for the allocation, regulation, and enforcement of parking and vehicle use across UConn campuses, ensuring equitable access, safety, and alignment with the University’s operational needs and mission.

APPLIES TO

Workforce members, students, and visitors on the UConn Storrs, UConn Law School, and Regional Campuses.

DEFINITIONS

Bicycle: Any wheeled vehicle that is not self-propelled and is designed to be pedaled by the rider.

Employee, Regular Payroll: UConn employees who receive UConn bi-weekly paychecks created during its regularly scheduled payroll processes and who are, therefore, eligible for pre-tax Parking Permit fee deductions and the annual extension of preexisting permit parking privileges.

Employee, Special Payroll: UConn employees whose employment periods are part-time, seasonal, or contractually limited.

Hand/Stair Rail: Any railing intended to provide physical support to a pedestrian.

Immobilization: Restricting the vehicle’s use by detaining it at the point of infraction with a UConn locking device.

Impoundment: Removing the owner’s lock, transporting the vehicle to a UConn facility and detaining it.

Motor Vehicle: A motorized conveyance designed for transportation, including but not limited to cars, trucks, motorcycles, motorbikes, motor scooters, and mopeds. Motor Vehicles are classified into the following categories based on their design, engine capacity, and/or Connecticut state law and regulatory requirements:

Motorcycle: A Motor Vehicle with no more than three wheels in contact with the ground, designed with a saddle or seat for the rider or a platform for standing. Motorcycles may not be operated on sidewalks under state law. This includes:
- Motor scooters with an engine capacity greater than 50 cubic centimeters (cc), which are classified as motorcycles under Connecticut state law and require registration and a valid motorcycle license for operation on public roadways.
- Bicycles with an attached motor, except those classified as mopeds (bicycles with a helper motor).
Motorized Personal Transportation Vehicle (MPTV): A vehicle or device used for human transport that does not require a license to operate and is propelled by a fuel- or battery-driven motor. This includes:
- Electric bicycles
- Electric skateboards
- Hoverboards
- Self-balancing electric scooters
- Gasoline-powered scooters
- Mopeds (bicycles with a helper motor)
  - A moped is a bicycle equipped with a helper motor with the following characteristics:
    - Engine capacity of less than 50 cubic centimeters (cc)
    - Not exceeding two brake horsepower
    - Maximum speed of 30 mph with automatic transmission
    - Not subject to registration, but operators must have a valid motorcycle license to ride on public roadways.
Motor Scooter: A subset of vehicle under MPTVs or Motorcycles, depending on engine size:
- Scooters with an engine capacity of less than 50 cc are classified as “bicycles with a helper motor” (mopeds).
- Scooters with an engine capacity greater than 50 cc are classified as motorcycles under state law, requiring registration and a motorcycle license for operation on public roadways.

Parking Citation (‘Citation’): The written documentation of a violated parking regulation; any associated parking fine(s) will remain due until it is either paid or an appeal is upheld.

Parking Permit (‘Permit’): UConn Parking Permits authorize parking by the permit holder on designated areas of UConn campuses, with some restrictions. Permits are available for online purchase year-round by UConn employees and students.

Public Safety Equipment: Any system or resource necessary for the prevention of and protection from events that could endanger the safety of the public from significant danger, injury/harm, or damage, such as crimes or disasters. For example, fire hydrants and blue light emergency phones.

POLICY STATEMENT

The operation and parking of a Motor Vehicle on UConn campuses is a privilege granted by UConn. All individuals who operate or park a Motor Vehicle on UConn campuses must comply with applicable state and federal laws, as well as UConn policies. All vehicles, including Bicycles, skateboards, and MPTVs, must be operated in a manner that does not endanger pedestrians or obstruct pathways.

The University reserves the right to restrict or regulate any transportation device that poses a safety hazard.

Parking Permits

Parking on UConn campuses, including Motorcycles, Mopeds, and Motor Scooters, requires a valid Parking Permit. MPTVs do not require Parking Permits but they are subject to all vehicle and traffic laws on UConn campuses.

All workforce members and students who park on UConn campuses must register their vehicles with UConn Parking Services and display a valid UConn Parking Permit when parked on campus. Parking Permits are valid for the permit holder only as Parking Permits are not transferable. A Parking Permit grants the holder the opportunity to park within designated area(s), but it does not guarantee the availability of a parking space. Not finding a space in a preferred lot is not a valid reason for violating parking policy or regulations.

Students enrolled at institutions other than UConn are considered visitors and must use designated visitor parking for a fee. UConn students employed by UConn are NOT eligible for the purchase of employee Parking Permits.

Affiliated individuals who park on UConn campuses are required to purchase an Area 2 Parking Permit to be authorized to park.

Parking Services is not authorized to issue temporary state handicap parking placards.

UConn Parking Permit holders are responsible for keeping their vehicle information up to date. Any changes to vehicle registration must be reported to Parking Services immediately.

Parking Services reserves the right to revoke a Parking Permit and its associated privileges before its expiration.

Restricted Parking

Parking of any vehicle, including Bicycles, is strictly prohibited in the following areas unless explicitly designated:

Sidewalks, pedestrian walkways, and crosswalks or anywhere that obstructs or negatively impacts pedestrian movement
Alleyways, fire lanes, driveways, loading zones, ADA parking transfer zones
Within 10 feet of fire hydrants or Public Safety Equipment
Adjacent to UConn buildings
Inside buildings, under overhangs, or in breezeways
Secured to unauthorized structures (e.g., trees, Hand/Stair Rails, bollards, fences, signposts, or Public Safety Equipment)
Any location or manner that creates, or has potential to create, a public safety hazard such as blocking or encumbering a building entrance or exit

Additionally:

Bicycles must be parked in designated Bicycle racks.
Overnight parking, not specifically authorized by University Permit privileges, posted signage, or written communication from Parking Services is prohibited.
Severe weather may require UConn to modify or suspend normal parking operations. Vehicles that impede snow removal will be ticketed by UConn Parking Services and/or towed.
Vehicles abandoned or otherwise parked for an extended period in an inoperable or neglected condition may be impounded without notice by Parking Services, at the owner’s risk and expense.

Event parking may require temporary redirection of Permit holders to alternate parking locations. Permit holders must comply with posted signage or instructions from Parking Services regarding event-related parking adjustments.

Parking Citations

Failure to display a valid Parking Permit or comply with applicable laws, regulations, and policies may result in Parking Citations, towing, or revocation of parking privileges. The registered owner of the cited Motor Vehicle is responsible for the payment of the associated fines.
Unpaid Parking Citations after 14 days are considered delinquent, accrue late fees, and cannot be appealed.
Unauthorized vehicles in restricted areas may be impounded at the owner’s expense.

ENFORCEMENT

Parking rules and regulations are enforced year-round, including during academic recesses. University Permit parking privileges are strictly enforced in most surface lots between the hours of 7:00 a.m. and 5:00 p.m. on weekdays, unless otherwise posted. Parking garages are enforced 24/7 year-round. Although Permits are not required in most employee and student commuter lots after 5 PM, they are required in all resident and apartment lots and in other restricted locations 24/7.

Violations of this policy or procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

PROCEDURES

Parking Permits

See Parking Services/Permits for specific Parking Permit information.

Employees

Employee Parking Permits are available for purchase throughout the year. See: Employee Permit Parking information.

New UConn Regular and Special Payroll Employees may register and purchase their UConn Parking Permits online or may apply for and purchase their Parking Permits at the Parking Services Office in Storrs.
Only Regular Payroll Employees are eligible for payroll-deducted Permits.

Special payroll Employees must pay for their Parking Permits upfront using a credit/debit card, check, or money order.

Renewal of Permits

The parking privileges of Regular Payroll UConn Employees are automatically extended from one Permit year to the next. Those who secure their parking privileges using payroll deductions will be given the opportunity to discontinue their deductions. Special payroll Employees must manually renew their Parking Permit if they continue working at UConn in subsequent semesters. Permits purchased using check, money order or credit/debit card can be cancelled through Parking Services for refunds according to the prorated refund schedule.

Students

Permit types and eligibility are based on academic credit hours and housing status. Parking Permits are available for students living off campus (commuter); on campus (resident); or teaching assistants/graduate assistants (GA/TA). UConn annual student Parking Permits remain valid from the start of the fall semester to the end of summer recess.

See: Student Parking Permit Product and Sales Information for the Storrs and Regional campuses.

See: Resident Parking Permits Rates, Types, & Eligibility.

Resident Student Permits: Students with 54 or more earned academic credits assigned UConn housing on the Storrs or Regional campuses are eligible to purchase a Resident Parking Permit.
Exceptions to 54 Credit Rule for Resident Students: Exceptions for resident students with fewer than 54 credits are limited to medical needs or life events that require a resident student to have a car on campus. Documentation may be required, and parking is typically restricted to Lot J or other perimeter lots. Off-campus employment obligations do not qualify for an exemption from the 54-earned-credit-hour prerequisite.
Commuter Student Permits: All Commuter students are eligible to purchase available Commuter Parking Permits.
Student Carpool Permits: Only commuter students are eligible to purchase Carpool Permits.

Renewal of Permits

Students must renew Parking Permits each academic year if they plan to park on campus. To cancel a Permit, students must notify Parking Services, and if eligible, they may receive a prorated refund based on UConn’s refund schedule.

Visitors

Visitors can make their own parking arrangements on all UConn campuses. On the Storrs campus, hourly self-pay parking is also available in the North and South parking garages.

For all campuses, see: Guest and Visitor Parking.

Accessible Accommodations and Special Requests

Parking Services’ staff are available to discuss on-campus travel and parking accommodation for those with special circumstances at (860) 486-4930.

Connecticut residents may visit the Connecticut Department of Motor Vehicles website to learn more about the availability and privileges associated with Connecticut’s temporary handicap parking placards.

For Employees

UConn Faculty and Staff with state-issued handicap placards can apply for a UConn Parking Permit and use ADA compliant spaces within their selected Permit-type area. See: UConn Accessible Parking for complete Accessible Parking information.

For Students

Any UConn Resident student requesting to purchase a Parking Permit based on a documented disability should register with the Center for Students with Disabilities (CSD) and follow the procedures for requesting accommodations. See: UConn Center for Students with Disabilities (CSD).

Parking Citations & Appeals

Parking Citations & Fines

Payment of UConn Parking Citations can be made online, by mail, or in person at Parking Services. Acceptable payment methods include check, credit/debit card, or money order made out to the “University of Connecticut.”

See: Paying a Ticket.

See: Parking Citation Appeal Processes and associated forms.

Parking Citations must be paid within 14 calendar days of issuance. Payment methods include:

Online: via the Parking Services website.
By mail: with check or money order payable to “University of Connecticut.”
In person: at the Parking Services Office.

Unpaid Citations after 14 days are delinquent and subject to late fees. Delinquent Citations cannot be appealed. UConn may send Citations that are delinquent for six months or more to a collection agency. Unpaid student Citations may be posted to student fee bills. All those with delinquent Parking Citation fees will be sent up to three notifications of payment.

Two weeks following the issuance of the third payment notification, the revocation of the payee’s UConn parking privileges may occur. If a Permit is revoked, a refund of the remaining value of the Permit may be considered.

UConn may forward any Parking Citation fees delinquent for six months or more to a collection agency. The overdue Parking Citation fees of UConn students can be posted to their student fee bills for payment.

See: Paying a Ticket for full payment details.

How to Appeal a Parking Citation

Appeals must be submitted in writing within 14 calendar days of Citation issuance. Appeal methods Appeals may be submitted online or via the submission of a preprinted paper form, available for online download and at the Parking Services (Storrs) office. Parking Citation appeals are either “granted” or “denied”. If granted, no payment is due. If denied, payment must be made within 14 days to avoid a late fee.

If an appeal is denied, payment must be made within 14 days to avoid late fees. An appellant may request a verbal appeal only if new facts were omitted from the original appeal.

The verbal appeal process may be initiated by phone at (860) 486-4930.

See: Citation Appeals | Parking Services

Towing and Impoundment

Private towing contractors complete tows initiated by UConn. Any towing or storage fees must be paid directly to the towing contractor.

All impounded Motor Scooters will be stored within a Parking Services facility until claimed by their owners or disposed of by UConn through not-for-profit donation.

A Bicycle parked or operated in violation of these regulations may be impounded. UConn will not compensate the owner of the Bicycle for the cost of any lock (or other security device) that is cut or otherwise damaged during the Impoundment process.

Violations of any Bicycle or traffic regulation may result in:

criminal charges
Impoundment of the Bicycle
the assessment of fines

How To Claim an Impounded Bicycle

Proof of ownership is required before UConn will release an impounded Bicycle to a claimant. When Bicycles are impounded, they are relocated to a secure Parking Services impound facility. See: Reclaim an Impounded Bicycle.

Event Parking

Special event rates are typically charged during the four (4) hours that immediately precede the start of an event.

Event Coordinators must inform Parking Services two (2) weeks in advance of any event for which five (5) or more vehicles will be parked on UConn campuses to ensure that appropriate parking arrangements can be made.

See: Event Parking Requests & Day Permits for more information on event parking.

Winter Storms and Emergencies

Parking updates for winter storms and other emergencies will be communicated via the UConn Alert System and/or the Parking Services website. When UConn declares a winter parking ban, parking will not be allowed on streets, roadways or in employee or commuter lots between the hours of 1:00am and 5:00am, unless otherwise noted. Winter storm parking plans and information are published seasonally on the Parking Services website.

For questions or more information, please contact:

UConn Parking Services
3 Discovery Drive; Unit 6199
Storrs, CT 06269-6199
Phone: 860-486-4930
https://www.park.uconn.edu

POLICY HISTORY

Policy created: 08/08/2012 (Approved by the Board of Trustees)

Revisions:
07/11/2017 (Approved by the President’s Cabinet)
05/29/2025 (Approved by the Senior Policy Council and President)

[1] Connecticut General Statutes section 10a-139, Traffic regulations on the grounds of The University of Connecticut and The University of Connecticut Health Center. Disposition of fines. See also, OSTA No. 170-1411-01.

Human Stem Cell Research Approval

Posted on June 26, 2012February 2, 2024 by Brandon Murray

Title:	Human Stem Cell Research Approval
Policy Owner:	Office of the Vice President for Research
Applies to:	Employees, Faculty, Students, Other
Campus Applicability:	All Campuses
Effective Date:	May 25, 2018
For More Information, Contact	Office of the Vice President for Research
Contact Information:	(860) 486-3001
Official Website:	https://ovpr.uchc.edu/

REASON FOR POLICY

The purpose of this policy is to ensure that proposals for human embryonic stem cell (hESC) research and selected types of human induced pluripotent stem cell (iPSC) research are approved by the University’s Stem Cell Research Oversight (SCRO) Committee. This policy does not apply to primary cells isolated from human tissues that are not manipulated to become pluripotent.

The role of the SCRO Committee is to ensure that human embryonic stem cell (hESC) and selected types of human induced pluripotent stem cell (iPSC) research at all University of Connecticut campuses is well-justified and that inappropriate and/or unethical research is not conducted. The SCRO Committee facilitates the collaboration between researchers across University campuses by adopting nationally and internationally accepted standards designed to protect the University’s reputation for ethical and responsible research.

The review and approval of hESC research by the SCRO Committee (or its equivalent) is required by Connecticut law. The SCRO Committee review and approval is also required for all proposals funded by the State of Connecticut Regenerative Medicine Research Fund.

APPLIES TO

All University faculty, employees, students, postdoctoral fellows, residents and other trainees, and agents who supervise or conduct research involving hESCs and select types of iPSCs.

DEFINITIONS

Human Embryonic Stem Cell (hESC): Human embryonic stem cells are pluripotent cells that are self-replicating, derived from human embryos, and are capable of developing into cells and tissues of the three primary germ layers. Although human embryonic stem cells may be derived from embryos, such stem cells are not themselves embryos.

Human Induced Pluripotent Stem Cell (iPSC): Human induced stem cells are a type of pluripotent stem cell that have been artificially created by reprogramming non-pluripotent human cells through techniques that do not involve oocytes or embryos, e.g., through inserting genes into a somatic cell.

POLICY STATEMENT

All research projects in the following categories are required to obtain SCRO Committee approval before acquiring cells or cell lines and before commencing research:

All research involving hESCs and their derivatives;
All stem cell research involving human gametes and human embryos;
All stem cell research projects funded by the State of Connecticut, including those that do not use hESCs;
All in vitro human iPSC research involving the generation of gametes, embryos, or other types of totipotent cells; and
All in vivo research involving implantation of human iPSCs into prenatal animals or into the central nervous system of post-natal animals.

The SCRO Committee supplements but does not replace other University review processes (e.g., reviews by Institutional Animal Care and Use Committees (IACUC), Institutional Review Boards (IRB), Institutional Biological Safety Committees (IBC), etc.) and compliance with applicable legal requirements.

ENFORCEMENT

Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, and other applicable University Policies.

ADDITIONAL RESOURCES

Connecticut General Statutes §§ 4-28e and 32-41jj to 32-41mm, inclusive

NIH Stem Cell Information

POLICY HISTORY

Revisions: March 28, 2012; May 25, 2018 (Approved by President’s Cabinet)

Secure Web Application Development, Information Technology

Posted on June 21, 2012April 3, 2025 by Brandon Murray

Title:	Secure Web Application Development, Information Technology
Policy Owner:	Information Security Office
Applies to:	Students, Employees, Users
Campus Applicability:	Storrs and Regionals
Effective Date:	May 16, 2012
For More Information, Contact	Chief Information Security Officer
Contact Information:	(860) 486-8255
Official Website:	https://security.uconn.edu/

Departments will ensure that development, test, and production environments are separated. Confidential Data must not be used in the development or test environments.

Production application code shall not be modified directly without following an emergency protocol that is developed by the department, approved by the Data Steward, and includes post-emergency testing procedures.

Web servers that host multiple sites may not contain Confidential Data.

All test data and accounts shall be removed prior to systems becoming active in production.

The use of industry-standard encryption for data in transit is required for applications that process, store, or transmit Confidential Data.

Authentication must always be done over encrypted connections. University enterprise Central Authentication Service (CAS), Shibboleth, or Active Directory services must perform authentication for all applications that process, store, or transmit Confidential or Protected Data.

Change sentence to “Web application and transaction logging for applications that process, store, or transmit Confidential Data or Regulated Data must submit system-generated logs to the ITS Information Security Office. For more information please view UConn’s Logging Standard.

Departments implementing applications must retain records of security testing performed in accordance with this policy.

Policy Created: May 16, 2012