IS-3

Items related to BFB-IS-3: Electronic Information Security Policy

IS-3 Posters and Flyers 2021

Security is a shared responsibility. We all have a part to play.

Learn how to protect your data.

Click on the image(s) to download the pdfs.

IS-3 Implementation

Overview

UC's Electronic Information Security Policy, IS-3, brings changes to the way information security risk is managed at UC, and here at Berkeley. This project is designed to integrate IS-3's requirements and principles into Berkeley's existing information security program in a way that aligns with core campus priorities and values. It will help to ensure that risk is understood and addressed at the appropriate organizational levels, and includes updating the fundamentals of the campus’ security program to current UC and industry standards....

IS-3 Informational Page

Overview

UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018. The policy and related standards are available here: https://security.ucop.edu/policies/it-policies.html.

The new IS-3 changes the way information security risk is handled within the university. Foundational elements include:

Security...

Unit Self-Assessment and Isora GRC

Overview

As part of UC Berkeley’s implementation of UC Electronic Information Security Policy BFB-IS-3 (IS-3), each Unit will be responsible for annually reviewing and updating a high-level IS-3 Unit Self-Assessment. The assessment and resulting report are designed to identify areas of risk to help focus a Unit’s security activities for the following year.

The value of the Unit Self-Assessment comes from the process of completing it, which identifies strengths and areas for improvement...

IS-3 Resources for Researchers

Overview

Increasingly, data sharing agreements and research funding agreements include cyber security requirements. Researchers working with protected data may be affected by the updates from the system-wide Information Security Policy (IS-3).

If you’re conducting research on behalf of UC, you’re considered a Workforce Member and should follow the requirements for that role. Additionally, if you’re working with information...

IS-3 Resources

Overview

UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and the new IS-3 changes the way information security risk is handled within the university. For more information visit our IS-3 Implementation Project page

The following resources provide additional information on the IS-3 policy. We will continue to post more information and supporting documents as they become available...

Information Security Policy Guide for Units

DRAFT: This is a working draft last updated Mar. 10, 2021 I. Introduction

The UC system wide policy UC Electronic Information Security Policy BFB-IS-3 (IS-3) establishes that Units are responsible for the appropriate protection of Institutional Information and IT Resources within the Unit. IS-3 identifies specific information security-related requirements and...

Where can I get detailed questions answered regarding the new IS-3?

Units interested in detailed information about IS-3 controls; roles and responsibilities; and implementation tools from the UC Systemwide Policy Office can contact ISO at security@berkeley.edu to request access to the systemwide materials.