Information Technology

Domain Name System (DNS) Service Policy and Resources

The purpose of this policy is to define the terms under which the Domain Name System (DNS) is operated and maintained while also ensuring that the requirements of stakeholder groups are met. This policy is intended to ensure that the University utilizes limited DNS resources appropriately, that the University’s name and brand is protected, that security and legal risks are mitigated, and that DNS resources are allocated to the campus community appropriately.

Email Service Policy

Campus Email Service supplies email and mailing list services in support of the University's mission of education, research and public service and to conduct the University's business. Access to and use of Campus Email Service is a privilege accorded at the discretion of the University. Use of campus email service is subject to legal and policy restrictions that apply to all University property and by constraints necessary for the reliable operation of electronic communication systems and services. The Berkeley Campus reserves the right to deny access to use campus email service when necessary to satisfy these restrictions and constraints.

Minimum Security Standards for Networked Devices (MSSND)

UC Berkeley’s Minimum Security Standards identify the minimum level of protection required for devices on our campus network and devices that store, process, or access institutional information.

Minimum Security Standards for Electronic Information (MSSEI)

The Minimum Security Standards for Electronic Information (MSSEI) define minimum security standards for all UC Berkeley Institutional Information and IT Resources. All Workforce Members who use or have access to Institutional Information and/or IT Resources must comply with the applicable information security requirements defined by the MSSEI.

Roles and Responsibilities for the Protection of University Institutional Information and IT Resources (Roles and Responsibilities Policy)

A fundamental principle of information security at UC Berkeley is that all individuals in the university community have a responsibility for the security and protection of university Institutional Information and IT Resources over which they have control, according to their role(s). This policy establishes these roles and responsibilities.

Campus Online Activities Policy

Establishes policy for areas not addressed by other existing policies, related to the use of electronic resources.

Data and IT Resource Classification Standard

The UC Berkeley Data Classification Standard is UC Berkeley’s implementation of the UC Systemwide Data Classification Standard. UC BFB IS-3 establishes that Institutional Information and IT Resources must be protected according to their classifications. This Standard is a framework for assessing the adverse impact that loss of confidentiality, integrity or availability of Institutional Information and IT Resources would have upon the Campus. It provides the foundation for establishing security requirements for each classification of data. UC BFB IS-12 establishes Recovery Level (RL) to guide IT Recovery planning and preparation for IT Resources. At UC Berkeley, Recovery Level classification is required for non-research IT Infrastructure and Services to which IS-12 applies.

Computer Use Policy

In support of the University's mission of teaching, research, and public service, the University of California, Berkeley provides computing, networking, and information resources to the campus community of students, faculty, and staff. Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege, and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

Application System Development Policy

This Policy applies to major application system development or enhancement. "Major" means either a system that has users in more than one department, or a single-department system that is expected to cost more than $100,000, to develop and implement. Cost includes hardware, software, and contract personnel.

Administering Appropriate Use of Campus Computing and Network Services

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse. Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities. Berkeley Campus departments or units who do provide computing and network services (hereinafter referred to as "Providers") must ensure that their services are administered in compliance with any applicable regulations and principles. To this end, they must keep themselves informed regarding current regulations and practices, consulting with campus authorities or documentation resources as required. Since the Campus may be viewed as one legal entity, actions taken by Providers in response to allegations of misuse must be as consistent as possible for similar situations, both within a particular department or unit as well as in comparison to others on campus. To help Providers meet this requirement, various campus resource offices are available for consultation and/or referral for action.