IS-3 Informational Page


UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018. The policy and related standards are available here:

The new IS-3 changes the way information security risk is handled within the university. Foundational elements include:

  • Security is a shared responsibility - everyone has a role
  • IS-3 focuses on risk management; risk assessment is key
  • Units are responsible for managing their own risk 
  • Many requirements are based on Protection Level and Availability Level
    • UC Berkeley’s Protection Levels have been updated to align with the new UC systemwide scale of P1-P4.
  • Availability Level is a new concept: it describes the impact of a loss of availability of information and resources, and is also rated on a four-level scale, A1-A4

UC Berkeley's Implementation of IS-3 page provides more information.