IS-3 Resources


UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and the new IS-3 changes the way information security risk is handled within the university. For more information visit our IS-3 Implementation Project page

The following resources provide additional information on the IS-3 policy. We will continue to post more information and supporting documents as they become available.

Documents, Templates, & Guides:

Policies & Standards:

Presentation Slides:

Researcher Resources:

  • IS-3 Resources for Researchers - This page highlights changes to Protection Levels on certain data types that may affect researchers.
  • How to Classify Research Data - This page provides a guideline for the considerations necessary to determine the data classification protection level for research data.

Security Lead Resources:


For questions about UC Berkeley's IS-3 implementation project, contact us at

Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at to request access to the systemwide materials.