UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and the new IS-3 changes the way information security risk is handled within the university. For more information visit our IS-3 Informational Page.
These resources provide additional information on the IS-3 policy. We will continue to post more information and supporting documents as they become available.
Policies and Standards
- Data Classification Standard provides the foundation for establishing security requirements for each classification of data.
- Minimum Security Standards for Electronic Information defines baseline data protection profiles for UC Berkeley campus data. The MSSEI "Quick Fix" presents an administrative update, per UC BFB IS-3, along with UC Protection Levels added next to UCB Protection Levels
- Minimum Security Standards for Networked Devices Draft defines requirements that all devices connected to the UC Berkeley network comply with. See our article highlighting the changes in the Draft.
- The Roles and Responsibilities Policy outlines information security-related roles and responsibilities.
- The IS-3 policy and related standards are available at https://security.ucop.edu/policies/it-policies.html
Protection and Availability Levels
- New UC Data Classification and Protection Levels webpage and handout
- New UC Classification of Availability Levels webpage and handout
- Image map of UC Berkeley Protection Levels moving to UC Protection Levels
- IS-3 Resources for Researchers page highlights changes to Protection Levels on certain data types that may affect researchers
- The Information Security Office "roadshow" slide deck addressing implementation plan (login required)
- Roles and Responsibilities Policy Draft - Highlights
- UCOP FAQs page: https://security.ucop.edu/files/documents/policies/is-3-faq.pdf
For questions about UC Berkeley's IS-3 implementation project, contact us at firstname.lastname@example.org
Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at email@example.com to request access to the systemwide materials.