The Office of the Vice President and Chief Information Officer invites comments on drafts of a presidential policy, “Electronic Information Security” (IS-3), and a corresponding glossary for all information security and information technology policies. 

The policy provides a security framework that protects UC’s institutional information and IT resources from accidental or intentional unauthorized access, loss, or damage while preserving UC’s collaborative academic culture. It is modeled on a recognized set of best practices and security controls from the International Organization for Standardization (ISO). Use of a standards-based approach is crucial for UC to obtain cybersecurity insurance, take advantage of vendor services based on these standards, and ensure faculty eligibility for certain federal research contracts that deal with Controlled Unclassified Information (CUI). 

We recommend the following order of review: 

  1. Policy Abstract 
  2. Frequently Asked Questions (FAQ) 
  3. Draft Glossary for Information Security and Information Technology Policies  
  4. Draft Presidential policy on Electronic Information Security, IS-3 

A systemwide website also provides resources to support reviewers and eventual adoption of the policy.

Employees covered by this policy who wish to provide comments on the proposed revisions may submit them to PolicyStaffComments@ucsf.edu  by July 15, 2017. Please indicate “Electronic Information Security Policy” in the subject line.