Policy Development and Administration

The Policy-Making Process

1. Identify a policy need.
2. Draft a new or revise an existing University Policy.
3. Review by the Policy Manager.
4. Solicit feedback on the draft from the NAU community.
5. Approval by the Policy Owner.

Policies Open for Comment

The following draft University Policies are currently under development and are open to the University community for review and comment until the date listed. Please submit your feedback via email to policy@nau.edu. All feedback will be considered prior to finalizing the draft for approval.

• NAU Brand Compliance – Comment period closes at 5pm on 2/5/2026
  • Proposed Policy
• Access Management – Comment period closes at 5pm on 2/6/2026
  • Proposed Policy (Redline)
  • Proposed Authentication Standard (Redline)
  • Proposed User Account Types Standard (Redline)
  • Current Policy and Standards
• Data Classification and Handling – Comment period closes at 5pm on 2/6/2026
  • Proposed Policy (Redline)
  • Proposed Data Handling Protocols (Redline)
  • Proposed Data Type Examples (Redline)
  • Current Policy, Protocols, and Data Type Examples
• Device Configuration Management – Comment period closes at 5pm on 2/6/2026
  • Proposed Policy (Redline)
  • Proposed Standards (Redline)
  • Current Policy and Standards
• Electronic Mail – Comment period closes at 5pm on 2/6/2026
  • Proposed Policy (Redline)
  • Current Policy
• Information Security – Comment period closes at 5pm on 2/6/2026
  • Proposed Policy (Redline)
  • Proposed Standards – Auditing, Logging, and Monitoring (Redline)
  • Proposed Standards – Software Patch Management (Redline)
  • Current Policy and Standards
• Information Security Awareness Training – Comment period closes at 5pm on 2/6/2026
  • Proposed Policy (Redline)
  • Current Policy
• Web Application Security – Comment period closes at 5pm on 2/6/2026
  • Proposed Policy (Redline)
  • Proposed Standards (Redline)
  • Current Policy