Policy and Guidance


Policies: High-level statements, equivalent to organizational law, that drive decision making within the University. University policies are subject to a rigorous review process. The University's information security policies reside on the University's policy website.

Standards: Minimum requirements designed to address certain risks and specific requirements that ensure compliance with a policy or standard. These provide a basis for verifying compliance through audits and assessments. All units must meet the standards supporting the Information Security Policy and are encouraged to adopt local standards that exceed the minimum requirements.

Procedures: Step-by-step instructions for accomplishing a task. Procedures published by Info Sec are designed to reinforce University policies. Procedures may also play an important role in maintaining compliance with regulations.

Guidelines: General recommendations or instructions that provide a framework for achieving compliance with policies. They are more technical in nature than policies and standards and are updated on a more frequent basis to account for changes in technology and/or University practices.


Policies, Standards, Procedures and Guidelines

IS-S1200     Risk Assessment Standard 

IS-P1200     Risk Assessment Procedure
             Includes 2016 Procedure, Workbook, Reference Materials -- NetID and Password required

IS-G1200     Unit Asset Identification Guideline

             Asset Identification Workbook Guideline