Major revisions to the Electronic Information Security Policy

To: UC Santa Cruz Community

From: Byron Walker, Chief Information Security Officer

The University of California Office of the President has issued major revisions to the Electronic Information Security Policy (IS-3) following a systemwide review.

We would like to highlight a few of those changes in this message. The full policy is available online.

The policy was revised to provide an updated security framework that protects UC’s institutional information/data and IT resources from accidental or intentional unauthorized access, loss or damage. It follows both a standards- and risk-based approach to information security.

The policy now recognizes a set of best practices and security controls that are crucial for UC to:

  • obtain cybersecurity insurance
  • ensure faculty are eligible for certain federal research/grant
  • contracts
  • comply with standards from the federal Department of Education
  • comply with the Office of Civil Rights guidance on HIPAA compliance and PCI 3.X

The revised policy will replace the current IS-3 policy and retire the Inventory, Classification, and Release of University Electronic Information (IS-2) and Systems Development Standards (IS-10) policies and the Incident Response Guide.

An Office of the President website also provides guidance on frequently asked questions

For questions about the implementation of this policy on the UC Santa Cruz campus, email