Information Security is guided by University Policy 311 Information Security and the internationally recognized ISO/IEC 27002 code of practice. Standards and guidelines support Policy 311:
Standards outline the minimum requirements designed to address certain risks and specific requirements that ensure compliance with Policy 311. These provide a basis for verifying compliance through audits and assessments. All units must comply with the standards by following prescribed procedures or by developing unit-specific procedures that meet or exceed the minimum requirements established by the standards.
Guidelines offer general recommendations or instructions that provide a framework for achieving compliance with standards. They are more technical in nature and are updated more frequently to account for changes in technology and/or University practices.
Business Continuity Management
Information Security Incident Management
Information Security Organization
Physical and Environmental Security
System Acquisition, Development and Maintenance
Vendors and External Parties