Policies, Standards, and Guidelines


Electronic Communications Policy
The University of California Electronic Communications Policy establishes principles, rules, and procedures applying to all members of the University community to specifically address issues particular to the use of electronic communications. It clarifies the applicability of law to electronic communications and references other University guidelines to ensure consistent application of the Electronic Communications Policy on all University campuses. [View ECP Policy]

IS-3 Electronic Information Security
The purpose of this bulletin is to establish guidelines for achieving appropriate protection of University electronic information resources and to identify roles and responsibilities at all levels in the University of California system. [View IS-3 Policy]

IS-12 IT Recovery
The purpose of this bulletin is to establish guidelines to prepare the ability to recover Institutional Information and IT Resources in the event of an unavoidable or unforeseen disaster, whether natural or human-made. [View IS-12 Policy]

Standards and Guidelines

UCOP Information Security Management Program
The program covers roles and responsibilities, allocation of resources, cyber incident escalation, exceptions and the risk management process. The program describes administrative, technical, and physical safeguards used to protect Institutional Information and IT Resources. The program is implemented using a risk-based, layered approach . [View Program - Requires UCOP login]

UCOP Payment Card Industry (PCI) Standard
PCI DSS provides a baseline of technical and operational requirements designed to protect account data. This document defines the UCOP policies, standards, and procedures for compliance with the credit card security requirements as required by the Payment Card Industry Data Security Standard (PCI DSS) Program. [View PCI standard - Requires UCOP login]

UCOP Security Incident Response Plan
The goal of the Electronic Information Security Incident Response Plan is to ensure our ability to detect and respond effectively to Information Security Incidents and reduce the likelihood of recurrence. It defines the roles and responsibilities of participants, classification of Information Security Incidents, reporting requirements, and relationships to other policies and procedures. [View Incident Response Plan - Requires UCOP login]

UCOP International Travel Information Security

We recognize that there may be circumstances where UCOP staff require access to UC systems and/or data while outside the United States.  As most countries have unfettered rights to your device, and both border control and local police have the right to demand passwords and access which cannot be refused, UCOP Information Security has provided recommendations and requirements for access to UCOP data. View International Travel Information Security guidance.

Additional Resources