The University of California Office of the President has issued major revisions to the Electronic Information Security Policy (IS-3) following a systemwide review.
We would like to highlight a few of those changes in this message. The full policy is available online.
The policy was revised to provide an updated security framework that protects UC’s institutional information/data and IT resources from accidental or intentional unauthorized access, loss or damage. It follows both a standards- and risk-based approach to information security.
The policy now recognizes a set of best practices and security controls that are crucial for UC to:
- obtain cybersecurity insurance
- ensure faculty are eligible for certain federal research/grant
- contracts
- comply with standards from the federal Department of Education
- comply with the Office of Civil Rights guidance on HIPAA compliance and PCI 3.X
The revised policy will replace the current IS-3 policy and retire the Inventory, Classification, and Release of University Electronic Information (IS-2) and Systems Development Standards (IS-10) policies and the Incident Response Guide.
An Office of the President website also provides guidance on frequently asked questions https://security.ucop.edu/policies/frequently-asked-questions.html.
For questions about the implementation of this policy on the UC Santa Cruz campus, email ITpolicy@ucsc.edu.
