Key Staff Responsibilities

Below are key Staff responsibilities under the Roles and Responsibilities Policy. These reflect the realities of today’s world and recognize that we need to change the way we do things to protect the university community. Bears protect Bears!

Role:	Responsibilities:
All staff members, including student staff and volunteers Policy roles: “User” "Workforce Member”	Classify your data and systems Practice good cyber hygiene: Keep your devices and applications patched and up to date Use strong, unique passphrases -- make them long, complex, or both. UC Berkeley has free LastPass Premium for all current students, faculty, and staff! Secure all devices with a strong password or PIN, and set them to lock after a few minutes of inactivity (15 min max, shorter is better) Encrypt anything that stores sensitive information Turn on built-in anti-malware software and firewall Back up important files and data Use separate accounts for privileged (administrator) and non-privileged (user) access If you’re working with information or systems classified at Protection Level P3 or P4 or Availability Level A3 or A4, you’ll need additional controls. Work with IT to develop a plan. Complete required cybersecurity training Report security incidents and respond to security notices
Managers/supervisors of other people’s work or research (“Workforce Manager” role)	Ensure that everyone you manage/supervise understands their information security responsibilities and receives proper security training Review access rights annually Incorporate information security into processes for hiring, separation, and change of employment
Additional roles that staff may fill	See the policy for responsibilities and more complete definitions. Contact security-policy@berkeley.edu for assistance with these roles. Proprietor: Person with institutional-level responsibility for a set of information or an IT Resource Unit Head: Executive with the authority and resources to accept a Unit’s information security risk Unit Information Security Lead (UISL): Responsible for ensuring execution of information security activities within the Unit. Designated by the Unit Head; does not need to be a technical person Service Provider: Provides an IT service to their Unit or other Campus Units

Additional information:

Data Classification Standard and Guidelines
UC Berkeley’s Minimum Security Standards for Networked Devices
Acceptable Use Policies