IS-3

Items related to BFB-IS-3: Electronic Information Security Policy

Secure Access Management Toolkit

Secure access management is essential for protecting sensitive data and systems. It ensures that only authorized users have the right level of access, reducing the risk of data breaches, insider threats, and operational disruptions. Learn how to improve access management for your system with these tips and resources.

Onboarding and Offboarding Checklists

Effective user access management is crucial for maintaining security and operational efficiency within an organization. Including user access management within an onboarding/offboarding process can help streamline access for new hires...

Workstation Encryption Guide

Welcome to the IS-3 Annual Theme webpage for FY24! On this page you will find practical tools, resources and videos for encrypting the workstations in your unit.

Option #1: Berkeley Managed Desktop Service
(Recommended)

Enroll your workstations in the Berkeley Managed Desktop service, which offers a number of benefits such as:

Encryption by default for newly enrolled desktop and laptop computers
Standard operating system and software
Automated...

IS-3 Annual Themes

Secure Access Management

Secure access management is essential for protecting sensitive data and systems. It ensures that only authorized users have the right level of access, reducing the risk of data breaches, insider threats, and operational disruptions.

Check out our IS-3 Secure Access Management Guide to get started!

Unit Self-Assessment and Isora GRC

Overview

As part of UC Berkeley’s implementation of UC Electronic Information Security Policy BFB-IS-3 (IS-3), each Unit is responsible for completing and periodically reviewing and updating a high-level IS-3 Unit Self-Assessment. The assessment and resulting report are designed to identify areas of risk to help focus a Unit’s security activities for the following year.

The value of the Unit Self-Assessment comes both from the process of completing it, which identifies strengths and...

IS-3 Unit Assessment Tableau Dashboards

The UC Berkeley Information Security Office (ISO) has created Tableau dashboards that contain the campus' IS-3 Unit Assessment data. The dashboards are a data visualization and reporting tool to help Units and campus leadership track and analyze compliance with IS-3 as part of our Cyber Risk Management Program.

There are three Tableau dashboards to aid in measuring progress across campus with IS-3 compliance:

Unit Dashboard: This dashboard can be used to track compliance progress...

Information Security Policy Guide for Units

This is a living document last updated July 11, 2025

I. Introduction

The UC systemwide policy UC Electronic Information Security Policy BFB-IS-3 (IS-3) establishes that Units are responsible for the appropriate protection of Institutional Information and IT Resources within the Unit. IS-3 identifies specific information security-related requirements and...

Cyber Risk Management Program

Welcome to UC Berkeley’s Cyber Risk Management Program service page. Berkeley’s Cyber Risk Management Program is a holistic program to help Units manage cyber risk as well as compliance with IS-3, UC's systemwide electronic information security policy.

Here you will find information and resources to help your Unit with its ongoing cyber risk management and annual IS-3 review.

IS-3 Resources

Overview

UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018 and changed the way information security risk is handled within the university.

The following resources provide additional information on the IS-3 policy and campus implementation. We will continue to post more information and supporting documents as they become available. For historical information about the campus' multi-year roll-out of foundational IS-3 elements to academic and administrative...

IS-3 Informational Page

Overview

UC Business and Finance Bulletin IS-3 is the University of California’s systemwide information security policy. A major update to IS-3 was finalized in September 2018. The policy and related standards are available here: https://security.ucop.edu/policies/it-policies.html.

The new IS-3 changed the way information security risk is handled within the university. Foundational elements include:

Security...

IS-3 Implementation

Overview

The update of UC's Electronic Information Security Policy, IS-3, in 2018 brought changes to the way information security risk is managed at UC, and here at Berkeley. This project is designed to integrate IS-3's requirements and principles into Berkeley's existing information security program in a way that aligns with core campus priorities and values. It will help to ensure that risk is understood and addressed at the appropriate organizational levels, and includes updating the fundamentals of the campus’ security program to current UC and industry...