UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and the new IS-3 changes the way information security risk is handled within the university. For more information visit our IS-3 Informational Page.
These resources provide additional information on the IS-3 policy. We will continue to post more information and supporting documents as they become available.
For a list of all the currently onboarded Units visit our Unit Heads and Security Leads page. Additional Units will be added to the page as they are onboarded by ISO. If you don't see your Unit listed and need support please contact firstname.lastname@example.org.
Policies and Standards
- Data Classification Standard provides the foundation for establishing security requirements for each classification of data.
- Minimum Security Standards for Electronic Information defines baseline data protection profiles for UC Berkeley campus data. The MSSEI "Quick Fix" presents an administrative update, per UC BFB IS-3, along with UC Protection Levels added next to UCB Protection Levels
- Minimum Security Standards for Networked Devices Draft defines requirements that all devices connected to the UC Berkeley network comply with. See our article highlighting the changes in the Draft.
- The Roles and Responsibilities Policy outlines information security-related roles and responsibilities.
- The IS-3 policy and related standards are available at https://security.ucop.edu/policies/it-policies.html
Protection and Availability Levels
- New UC Data Classification and Protection Levels webpage and handout
- New UC Classification of Availability Levels webpage and handout
- Image map of UC Berkeley Protection Levels moving to UC Protection Levels
- IS-3 Resources for Researchers page highlights changes to Protection Levels on certain data types that may affect researchers
- The Information Security Office "roadshow" slide deck addressing implementation plan (login required)
- Roles and Responsibilities Policy Draft - Highlights
- UCOP FAQs page: https://security.ucop.edu/files/documents/policies/is-3-faq.pdf
For questions about UC Berkeley's IS-3 implementation project, contact us at email@example.com
Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at firstname.lastname@example.org to request access to the systemwide materials.