Overview
ISC's Office of Information Security establishes policies that comply with the University, state, and federal regulations. These policies address the requirement to protect information from disclosure, unauthorized access, loss/corruption of electronic and physical data. Along with well-documented best practices and procedures, the policies enable an organization to manage business risk through defined controls that provide a benchmark for audit and corrective action. Notable policies and best practices include:
- Computing Policies and Guidelines
- Information Security Best Practices
- Policy on Acceptable Use of Electronic Resources
- Policy on Unauthorized Copying of Copyrighted Media
- Policy on Computer Disconnection from PennNet
Procedures
Guidelines
- Security Logging Guidelines
- Penn Data Risk Classification
- Use of PennBox and Amazon Web Services
- Computer Security Incident Handling
- Guidelines on Incident Response Cost Coverage
- Securing Office 0365 Collaboration Tools
- Guidance on Large Language Models
- Statement on Guidance for the University of Pennsylvania (Penn) Community on the Use of Generative Artificial Intelligence