Campus-level implementation of IS-3 will happen in phases. However, there are things that Units at all levels can do to get started, even as campus-level implementation is in progress:
Be aware that Protection Levels are changing. UC now uses a 1-4 scale, while Berkeley has been using a 0-3 scale. This means that all PL numbers will be changing. There are also category changes for certain types of information, so its not as simple as just adding 1 to the current PL number. ISO has been working on Berkeley's updated Data Classification Standard Draft and it's available for review. The UC Data Classification Standard and Guide are also available to review. At a high level, this is what you’ll see:
Learn about the new Availability Levels. This is a new concept for information security at UC. Availability Level refers to the impact of loss of availability or service, measured on a scale of 1-4. A4 is the highest level of impact and A1 is the lowest. Availability Level helps to determine what protections are required to ensure that information and resources are available when needed. The four Availability Levels are described the Berkeley Data Classification Standard Draft. Additional information is also available in the UC Data Classification Standard and Guide.
- Identify and classify Institutional Information and IT Resources that the Unit is responsible for:
- Use the new UC Protection Levels
- Register any UC P3 and UC P4 assets in NetReg that would be considered Institutional Devices or Privileged Access Devices. For UC P3, use Berkeley Data Protection Level 1; for UC P4, use Berkeley Data Protection Level 2 or 3, as appropriate.
- Begin to think about the Availability Levels of your information and IT Resources
- Work on bringing your Unit into compliance with UC Berkeley’s current minimum security standards. IS-3 will build on these, so this is a good place to start:
- Familiarize yourself with the roles and responsibilities identified in IS-3 through our Roles and Responsibilities Policy Draft. Key roles include Workforce Members, Researchers, Unit Heads, Unit Security Leads, Information and Resource Proprietors, Service Providers, and Workforce Managers. Learn even more at the UCOP Quick Start Guide.