IS-3 Resources

Overview

UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and the new IS-3 changes the way information security risk is handled within the university. For more information visit our IS-3 Informational Page.

IS-3 Resources:

These resources provide additional information on the IS-3 policy. We will continue to post more information and supporting documents as they become available.

Policies and Standards 

• Data Classification Standard provides the foundation for establishing security requirements for each classification of data.
• Minimum Security Standards for Electronic Information defines baseline data protection profiles for UC Berkeley campus data. The MSSEI "Quick Fix" presents an administrative update, per UC BFB IS-3, along with UC Protection Levels added next to UCB Protection Levels
• Minimum Security Standards for Networked Devices Draft defines requirements that all devices connected to the UC Berkeley network comply with. See our article highlighting the changes in the Draft.
• The Roles and Responsibilities Policy outlines information security-related roles and responsibilities.
• The IS-3 policy and related standards are available at https://security.ucop.edu/policies/it-policies.html

Protection and Availability Levels

• New UC Data Classification and Protection Levels webpage and handout
• New UC Classification of Availability Levels webpage and handout
• Image map of UC Berkeley Protection Levels moving to UC Protection Levels

Researcher-Specific

• IS-3 Resources for Researchers page highlights changes to Protection Levels on certain data types that may affect researchers

Slide Decks

• The Information Security Office "roadshow" slide deck addressing implementation plan (login required)
• Roles and Responsibilities Policy Draft - Highlights

FAQs

• UCOP FAQs page: https://security.ucop.edu/files/documents/policies/is-3-faq.pdf

For questions about UC Berkeley's IS-3 implementation project, contact us at security@berkeley.edu

Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at security@berkeley.edu to request access to the systemwide materials.