Information Technology

Roles and Responsibilities for the Protection of University Institutional Information and IT Resources (Roles and Responsibilities Policy)

A fundamental principle of information security at UC Berkeley is that all individuals in the university community have a responsibility for the security and protection of university Institutional Information and IT Resources over which they have control, according to their role(s). This policy establishes these roles and responsibilities.

Read more about Roles and Responsibilities for the Protection of University Institutional Information and IT Resources (Roles and Responsibilities Policy)

Campus Online Activities Policy

Establishes policy for areas not addressed by other existing policies, related to the use of electronic resources.

Read more about Campus Online Activities Policy

Data and IT Resource Classification Standard

The UC Berkeley Data Classification Standard is UC Berkeley’s implementation of the UC Systemwide Data Classification Standard. UC BFB IS-3 establishes that Institutional Information and IT Resources must be protected according to their classifications. This Standard is a framework for assessing the adverse impact that loss of confidentiality, integrity or availability of Institutional Information and IT Resources would have upon the Campus. It provides the foundation for establishing security requirements for each classification of data. UC BFB IS-12 establishes Recovery Level (RL) to guide IT Recovery planning and preparation for IT Resources. At UC Berkeley, Recovery Level classification is required for non-research IT Infrastructure and Services to which IS-12 applies.

Read more about Data and IT Resource Classification Standard

Computer Use Policy

In support of the University's mission of teaching, research, and public service, the University of California, Berkeley provides computing, networking, and information resources to the campus community of students, faculty, and staff. Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege, and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

Read more about Computer Use Policy

Application System Development Policy

This Policy applies to major application system development or enhancement. "Major" means either a system that has users in more than one department, or a single-department system that is expected to cost more than $100,000, to develop and implement. Cost includes hardware, software, and contract personnel.

Read more about Application System Development Policy

Domain Name System (DNS) Service Policy

The Information Systems and Technology - Communication and Network Services (CNS) department is the steward of the Berkeley Campus network. In fulfilling that role, CNS serves as the central point of contact for the outside world and has responsibility to ensure that management of this University resource complies with applicable laws and regulations.

Read more about Domain Name System (DNS) Service Policy

Minimum Security Standards for Networked Devices - (MSSND)

UC Berkeley’s Minimum Security Standards identify the minimum level of protection required for devices on our campus network and devices that store, process, or access institutional information.

Read more about Minimum Security Standards for Networked Devices - (MSSND)

Administering Appropriate Use of Campus Computing and Network Services

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse. Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities. Berkeley Campus departments or units who do provide computing and network services (hereinafter referred to as "Providers") must ensure that their services are administered in compliance with any applicable regulations and principles. To this end, they must keep themselves informed regarding current regulations and practices, consulting with campus authorities or documentation resources as required. Since the Campus may be viewed as one legal entity, actions taken by Providers in response to allegations of misuse must be as consistent as possible for similar situations, both within a particular department or unit as well as in comparison to others on campus. To help Providers meet this requirement, various campus resource offices are available for consultation and/or referral for action.

Read more about Administering Appropriate Use of Campus Computing and Network Services

Privacy and Online Monitoring

Defines requirements for notice, analysis, review, and approval of routine monitoring practices. If monitoring involves electronic communications, the escalation process for non-routine use of monitoring data must meet the requirements of the systemwide Electronic Communications policy.