Search form

Search ISC ...

Get Started
- IT Staff
- Faculty
- Staff
- Students
- Alumni & Guests
- ISC Staff
Services
Security
Collaborations
News
Events
About
Hot Topics
Get IT Help

Information Security Policies & Procedures

Overview

ISC's Office of Information Security establishes policies that comply with the University, state, and federal regulations. These policies address the requirement to protect information from disclosure, unauthorized access, loss/corruption of electronic and physical data. Along with well-documented best practices and procedures, the policies enable an organization to manage business risk through defined controls that provide a benchmark for audit and corrective action. Notable policies and best practices include:

Computing Policies and Guidelines
Information Security Best Practices
Policy on Acceptable Use of Electronic Resources
Policy on Unauthorized Copying of Copyrighted Media
Policy on Computer Disconnection from PennNet

Procedures

Response to a Compromised Computer with Sensitive Data

Guidelines

Security Logging Guidelines
Penn Data Risk Classification
Use of PennBox and Amazon Web Services
Computer Security Incident Handling
Guidelines on Incident Response Cost Coverage
Securing Office 0365 Collaboration Tools

Best Practices

Information Security Best Practices
Secure Backup Best Practice

Statements

The University of Pennsylvania Statement on Security Vulnerability Reporting and Bug Bounties

Forms

Employee Exit IT Checklist

Visit ISC on LinkedIn

Print

InfoSec Home

Resources

NIST (800-53) Security and Privacy Controls for Information Systems and Organizations
NIST (800-171) Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
Security Liaisons

Contact InfoSec

Computing Policies
Tech Jobs @ Penn

System Status