IS-3 What Units Can Do Now

Campus-level implementation of IS-3 will happen in phases. However, there are things that Units at all levels can do to get started, even as campus-level implementation is in progress:

  • Be aware that Protection Levels are changing. UC now uses a 1-4 scale, while Berkeley has been using a 0-3 scale. This means that all PL numbers will be changing. There are also category changes for certain types of information, so its not as simple as just adding 1 to the current PL number. ISO is currently working on a draft of Berkeley's updated Data Classification Standard and will link here when available. In the meantime, the UC Data Classification Standard and Guide are here: https://security.ucop.edu/policies/institutional-information-and-it-resource-classification.html. At a high level, this is what you’ll see:

  • Learn about the new Availability Levels. This is a new concept for information security at UC. Availability Level refers to the impact of loss of availability or service, measured on a scale of 1-4. A4 is the highest level of impact and A1 is the lowest. Availability Level helps to determine what protections are required to ensure that information and resources are available when needed. The four Availability Levels are described in the UC Data Classification Standard and Guide: https://security.ucop.edu/policies/institutional-information-and-it-resource-classification.html and will be added to the Berkeley Data Classification Standard, and linked here, when available.