Overview
UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and the new IS-3 changes the way information security risk is handled within the university. For more information visit our IS-3 Informational Page.
IS-3 Resources:
These resources provide additional information on the IS-3 policy. We will continue to post more information and supporting documents as they become available.
Policies and Standards
- Data Classification Standard provides the foundation for establishing security requirements for each classification of data.
- Minimum Security Standards for Electronic Information defines baseline data protection profiles for UC Berkeley campus data. The MSSEI "Quick Fix" presents an administrative update, per UC BFB IS-3, along with UC Protection Levels added next to UCB Protection Levels
- The IS-3 policy and related standards are available at https://security.ucop.edu/policies/it-policies.html
Protection and Availability Levels
- New UC Data Classification and Protection Levels webpage and handout
- New UC Classification of Availability Levels webpage and handout
- Image map of UC Berkeley Protection Levels moving to UC Protection Levels
Researcher-Specific
- IS-3 Resources for Researchers page highlights changes to Protection Levels on certain data types that may affect researchers
Slide Decks
- The information Security Office "roadshow" slide deck addressing implementation plan (login required)
FAQs
- UCOP FAQs page: https://security.ucop.edu/files/documents/policies/is-3-faq.pdf
For questions about UC Berkeley's IS-3 implementation project, contact us at security@berkeley.edu
Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at security@berkeley.edu to request access to the systemwide materials.