Good Practices & Procedures

The ISS Good Practices page provides information, recommendations, checklists, templates and procedures for both IT Service Consumers and Service Providers.


University policy requires you to change your passwords at least every six months, use strong passwords and separate passwords for each account.  You should not use the same or similar passwords on your personal accounts, for example, an online banking account.  While the minimum length for university passwords is seven characters, longer, strong passwords are significantly more difficult for attackers to break.

Protected Computing/Servers 

A wide variety of lists of recommended practices to protect information and your computer are available and it is often confusing to know which to follow.  Reduce the risk of an information breach by following the UNH IT Protected Computing Practices  and Server Best Practices

Reducing Your Risk When Internet Browsing

Use these practices when browsing the Internet to protect  your information and computer:  Reducing Your Risk

Administrator's Account

ISS recommends that all UNH computer users access the Internet only when using a non-administrative account.  This provides additional protection against downloading of malicious software such as viruses and trojans but does not replace an up-to-date antivirus program.  For assistance with creating your non-administrative user account, contact your departmental IT support or the IT Service Desk,  or use following documents which provide guidance for a non-administrative account on your PC:

Email and Communications

Both IT Service Consumers and Service Providers can reduce the risk from malicious emails or other communications by using these  Email Good Practices.  When sending personally identifiable information (PII) in emails, protection should be provided as recommended in  PII in Email.


Good practices for computers servers can vary depending on the type of server and services in question, as well as the type of information the server stores or processes. Some basic concepts apply to all servers and this list describes some of these commonly used basic tenets.  

Printers and Copiers

Good practices for printers and copiers can vary depending on the type and manufacturer of the device, as well as the type of information the device stores or processes.  This list describes good practices that apply to the installation and operation of most of these devices.   

Mobile Device Protection

If you use a mobile device, such as a smartphone or tablet computer, to access UNH services or information, it is critical that you protect the device and the information accessed by, or stored on, the device.  For guidance, you may use the following information sources and services :   

IT Confidentiality Agreement (Employee Non-Disclosure Agreement)

Persons who handle restricted or sensitive information, or who operate IT systems that store, transfer or process such information, should sign a confidentiality agreement. Doing so helps educate those persons about protecting the systems and information, and helps to establish expectations. In some situations, the signing of a confidentiality agreement is required by policy or contract.

The confidentiality agreement template provided here is available for your use as appropriate. Where the use of such agreement has legal implications, it is recommended that you seek legal advice to verify that your intended use is appropriate for your situation.   Download a copy of the  Confidentiality Agreement (PDF)