Key Faculty Responsibilities

Below are key Faculty responsibilities under the Roles and Responsibilities Policy. These reflect the realities of today’s world and recognize that we need to change the way we do things to protect the university community. Bears protect Bears!

Role:	Responsibilities:
All faculty members and researchers Policy roles: “User” "Workforce Member”	Classify your data and systems. Also see How to Classify Research Data. Practice good cyber hygiene: Keep your devices and applications patched and up to date Use strong, unique passphrases -- make them long, complex, or both. UC Berkeley has free LastPass Premium(link is external) for all current students, faculty, and staff! Secure all devices with a strong password or PIN, and set them to lock after a few minutes of inactivity (15 min max, shorter is better) Encrypt anything that stores sensitive information Turn on built-in anti-malware software and firewall Back up important files and data Use separate accounts for privileged (administrator) and non-privileged (user) access If you’re working with information or systems classified at Protection Level P3 or P4 or Availability Level A3 or A4, you’ll need additional controls. Work with IT to develop a plan. Complete required cybersecurity training Report security incidents and respond to security notices
Managers/supervisors of other people’s work or research (“Workforce Manager” role)	Ensure that everyone you manage/supervise understands their information security responsibilities and receives proper security training Review access rights annually Incorporate information security into processes for hiring, separation, and change of employment
Faculty members in a Researcher role	Protect the confidentiality of research subjects and research data. Contacts: CPHS \| Research IT Follow your PI’s security protocols
Principal Investigators	Work with Research IT on a plan to meet Data Use Agreements and other security requirements Develop clear security protocols for anyone working with you, and review access rights annually Work with your department’s Buyer or Procurement to purchase IT tools, software, or services
Additional roles that faculty may fill	See the policy for responsibilities and more complete definitions. Contact itpolicy@berkeley.edu for assistance with these roles. Proprietor: Person with institutional-level responsibility for a set of information or an IT Resource Unit Head: Executive with the authority and resources to accept a Unit’s information security risk Service Provider: Provides an IT service to their Unit or other Campus Units

Additional information:

Data Classification Standard and Guidelines
UC Berkeley’s Minimum Security Standards for Networked Devices
Acceptable Use Policies