Revisions to the policy on Electronic Information Security (IS-3)

To: UC Santa Cruz Community

From: Mary Doyle, Vice Chancellor, Information Technology Services

The Office of the President invites comments on a proposed revisions to the policy on Electronic Information Security (IS-3).

The policy provides a security framework that protects UC’s Institutional Information and IT Resources from accidental or intentional unauthorized access, loss or damage, while preserving UC’s collaborative academic culture. It is modeled on a recognized set of best practices and security controls from the International Organization for Standardization (ISO). Use of a standards-based approach is crucial for UC to obtain cybersecurity insurance, take advantage of vendor services based on these standards, ensure faculty eligibility for certain federal research contracts and expected standard from the federal Department of Education.  

The proposed systemwide policy is available online.

 The follow additional background information has been included:

  • Abstract/Executive Brief
  • IT Policy Glossary
  • Frequently Asked Questions (FAQ)

A systemwide website also provides resources to support reviewers and eventual adoption of the policy:

Comments may be submitted to the UC Santa Cruz Policy Coordination Office by close of business Friday, July 21, 2017, at