Standard for Compliance with Legal and Contractual Requirements

I. Purpose

The purpose of this standard is to establish the university’s obligation to ensure compliance with all relevant statutory, regulatory, and contractual requirements in order to avoid breaches related to information security.

II. Scope

It is the responsibility of university executives and department heads to identify all legislation applicable to their organization and to put the appropriate guidelines and procedures in place to meet the compliance requirements.

III. Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at

IV. Standard

All relevant statutory, regulatory, and contractual requirements and the university’s approach to meet these requirements should be explicitly identified, documented and kept up to date. The specific controls and individual responsibilities to meet these requirements should also be defined and documented.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee 11/06/14
Updated 12/02/21