Information Security is guided by University Policy 311 Information Security and the internationally recognized ISO/IEC 27002 code of practice. Standards and guidelines support Policy 311:
Standards outline the minimum requirements designed to address certain risks and specific requirements that ensure compliance with Policy 311. These provide a basis for verifying compliance through audits and assessments. All units must comply with the standards by following prescribed procedures or by developing unit-specific procedures that meet or exceed the minimum requirements established by the standards.
Guidelines offer general recommendations or instructions that provide a framework for achieving compliance with standards. They are more technical in nature and are updated more frequently to account for changes in technology and/or University practices.
Business Continuity Management
Encryption and Cryptographic Controls
Human Resources Security
Information Security Incident Management
Information Security Organization
Physical and Environmental Security
System Acquisition, Development and Maintenance
Vendors and External Parties