Overview
UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. IS-3 defines how information security risk is handled within the university.
The following resources provide information and supporting documents relating to IS-3 and UC Berkeley's implementation of IS-3.
Policy & Campus Implementation:
- BFB-IS-3: Electronic Information Security (IS-3) - The University of California’s systemwide information security policy.
- UC Berkeley’s Implementation of IS-3 - The collection of UC Berkeley policies, standards and related documents that constitute UC Berkeley's Implementation of IS-3.
- Cyber Risk Management Program (CRMP) - The campus CRMP is a holistic program to help Units manage cyber risk as well as compliance with IS-3.
Documents, Templates, & Guides:
- Campus Information Security Incident Response Plan - This document describes the overall plan for responding to Information Security Incidents at UC Berkeley.
- Classification of Availability Levels webpage - Summary definitions and key examples of each Availability Level.
- Data Classification and Protection Levels webpage - Summary definitions and key examples of each Protection Level.
- Information Security Management Program (ISMP)
  - Campus-Level ISMP: The campus-level ISMP describes the overall Information Security Management Program for UC Berkeley.
  - Unit-Level Template: Also included is a unit-level template that provides a starting point for Units to develop their local security plan documentation.
- Information Security Policy Guide for Units - This guide creates a “one stop shop” of Unit responsibilities at UC Berkeley with respect to the security and protection of Institutional Information and IT Resources.
- Key Responsibilities Under the Roles and Responsibilities Policy - Everyone plays a vital role in protecting Berkeley Campus data. This guide contains key responsibilities under the Roles and Responsibilities Policy for everyone and links to Faculty, Staff, Student, and Researcher specific content.
- Minimum Security Standards for Networked Devices (MSSND) How to Secure Devices - Step-by-step instructions for how to configure your device to meet campus policy.
Researcher Resources:
- IS-3 Resources for Researchers - This page highlights changes to Protection Levels on certain data types that may affect researchers.
- How to Classify Research Data - This page provides a guideline for the considerations necessary to determine the data classification protection level for research data.
Security Lead Resources:
- See UISL Links and Resources - This page provides documentation and assets created by the Information Security Office for implementation and support of the Security Lead role under the campus Cyber Risk Management Program.
FAQs:
- UCOP's IS-3 FAQ page: https://security.ucop.edu/files/documents/policies/is-3-faq.pdf
For questions about IS-3 implementation at UC Berkeley, contact us at is3@berkeley.edu.
Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at is3@berkeley.edu to request access to the systemwide materials.