IS-3

Items related to BFB-IS-3: Electronic Information Security Policy

IS-3 What Units Can Do Now

Campus-level implementation of IS-3 will happen in phases. However, there are things that Units at all levels can do to get started.

IS-3 Resources

Overview

UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and the new IS-3 changes the way information security risk is handled within the university. For more information visit our IS-3 Informational Page.

IS-3 Implementation

Overview

Currently, the responsibility for information security risk is not sufficiently addressed at UC Berkeley. This project will ensure that risk is understood and addressed at the appropriate organizational levels. The Information Security Office (ISO) will align UC Berkeley’s information security risk management strategy with principles of IS-3 and campus priorities and values. Additionally, we will update the fundamentals of the campus’ security program to the current standard.

ISORA and Unit Self-Assessment

What is ISORA and the Unit Self-Assessment?

ISORA is an information security risk assessment application (e.g., a survey tool).  The UC Berkeley Information Security Office (ISO) is using ISORA to facilitate assessment of campus-wide compliance with University of California’s systemwide information security policy. (UC IS-3).  

IS-3 Informational Page

Overview

UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018. The policy and related standards are available here: https://security.ucop.edu/policies/it-policies.html. 

IS-3 Resources for Researchers

Overview

Increasingly, data sharing agreements and research funding agreements include cyber security requirements. Researchers working with protected data may be affected by the updates from the system-wide Information Security Policy (IS-3)

Where can I get detailed questions answered regarding the new IS-3?

Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at security@berkeley.edu to request access to the systemwide materials.