UC Berkeley’s Implementation of IS-3


UC BFB IS-3, Electronic Information Security, is UC’s systemwide electronic information security policy. 

UCB affirms the policy goals of IS-3:

  1. Preserve academic freedom and research collaboration
  2. Protect privacy
  3. Follow a risk-based approach
  4. Maintain confidentiality
  5. Protect integrity
  6. Ensure availability

The following UC Berkeley policies, standards, and related documents constitute UC Berkeley’s implementation of IS-3: 

Information Security Management Program (ISMP)

UC Berkeley has a documented campus-level Information Security Management Program (ISMP).

The ISMP includes:

  • Campus Information Security Program Elements mapped to the NIST CSF Framework
  • An overview of Information Security Risk Governance at UC Berkeley
  • Information security risk decision authority and escalation
  • Requirements for ISMP review and acceptance

Risk Treatment Plan Approach

UC Berkeley uses a Risk Treatment Plan approach for managing information security risk, as described in Section I of the MSSEI. The MSSEI constitutes UC Berkeley’s Risk Treatment Plan.

Additional Campus Resources Related to IS-3 Implementation