Information Technology

Roles and Responsibilities for the Protection of University Institutional Information and IT Resources (Roles and Responsibilities Policy)

A fundamental principle of information security at UC Berkeley is that all individuals in the university community have a responsibility for the security and protection of university Institutional Information and IT Resources over which they have control, according to their role(s). This policy establishes these roles and responsibilities.

Read more about Roles and Responsibilities for the Protection of University Institutional Information and IT Resources (Roles and Responsibilities Policy)

Data and IT Resource Classification Standard

The UC Berkeley Data Classification Standard is UC Berkeley’s implementation of the UC Systemwide Data Classification Standard. UC BFB IS-3 establishes that Institutional Information and IT Resources must be protected according to their classifications. This Standard is a framework for assessing the adverse impact that loss of confidentiality, integrity or availability of Institutional Information and IT Resources would have upon the Campus. It provides the foundation for establishing security requirements for each classification of data. UC BFB IS-12 establishes Recovery Level (RL) to guide IT Recovery planning and preparation for IT Resources. At UC Berkeley, Recovery Level classification is required for non-research IT Infrastructure and Services to which IS-12 applies.

Read more about Data and IT Resource Classification Standard

Computer Use Policy

In support of the University's mission of teaching, research, and public service, the University of California, Berkeley provides computing, networking, and information resources to the campus community of students, faculty, and staff. Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege, and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

Read more about Computer Use Policy

Application System Development Policy

This Policy applies to major application system development or enhancement. "Major" means either a system that has users in more than one department, or a single-department system that is expected to cost more than $100,000, to develop and implement. Cost includes hardware, software, and contract personnel.

Read more about Application System Development Policy

Administering Appropriate Use of Campus Computing and Network Services

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse. Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities. Berkeley Campus departments or units who do provide computing and network services (hereinafter referred to as "Providers") must ensure that their services are administered in compliance with any applicable regulations and principles. To this end, they must keep themselves informed regarding current regulations and practices, consulting with campus authorities or documentation resources as required. Since the Campus may be viewed as one legal entity, actions taken by Providers in response to allegations of misuse must be as consistent as possible for similar situations, both within a particular department or unit as well as in comparison to others on campus. To help Providers meet this requirement, various campus resource offices are available for consultation and/or referral for action.

Read more about Administering Appropriate Use of Campus Computing and Network Services

Departmental Information Security Contact Policy

This Policy establishes responsibilities of Departments and Information Security Contacts in order to ensure that the UC Berkeley Information Security Office (ISO) is able to contact departments in the event of a security incident. The ability to quickly contact responsible personnel and have them take appropriate action is critical in mitigating the negative effects of an incident.

Read more about Departmental Information Security Contact Policy

Copyright Notices on Campus Websites

Although a notice is not legally required to assert copyright on works published on and after March 1, 1989, displaying a copyright notice on websites is still a very good idea. A notice clarifies who owns the work, emphasizes that the owner asserts copyright, and encourages contact by those who wish to use the material. If any legal disputes arise, a posted notice may help defend against claims of "innocent infringement".

Read more about Copyright Notices on Campus Websites

BFB-IS-3: Electronic Information Security (2019)

Brief description of delegated authority: appoint responsible parties to implement the IS-3 policy for the Berkeley campus Date: 10/25/2019 Delegated from: Chief Information Officer and Vice President - Information Technology Services, Office of the President Delegated to: Chancellor Can redelegate? Yes Original document source: https://policy.ucop.edu/doc/7000543/BFB-IS-3

Read more about BFB-IS-3: Electronic Information Security (2019)

« first View: Taxonomy term
‹ previous View: Taxonomy term
1 of 2 View: Taxonomy term
2 of 2 View: Taxonomy term (Current page)