The University of California Office of the President has issued major revisions to the Electronic Information Security Policy (IS-3) following a systemwide review.We would like to highlight a few of those changes in this message. The full policy is available online.
The policy was revised to provide an updated security framework that protects UC’s institutional information/data and IT resources from accidental or intentional unauthorized access, loss or damage. It follows both a standards- and risk-based approach to information security.
The policy now recognizes a set of best practices and security controls that are crucial for UC to:
obtain cybersecurity insurance
ensure faculty are eligible for certain federal research/grant
comply with standards from the federal Department of Education
comply with the Office of Civil Rights guidance on HIPAA compliance and PCI 3.X
The revised policy will replace the current IS-3 policy and retire the Inventory, Classification, and Release of University Electronic Information (IS-2) and Systems Development Standards (IS-10) policies and the Incident Response Guide.
An Office of the President website also provides guidance on frequently asked questions https://security.ucop.edu/policies/frequently-asked-questions.html.
For questions about the implementation of this policy on the UC Santa Cruz campus, email ITpolicy@ucsc.edu.