Information Security Policies & Procedures

Overview

ISC's Office of Information Security establishes policies that comply with the University, state, and federal regulations. These policies address the requirement to protect information from disclosure, unauthorized access, loss/corruption of electronic and physical data. Along with well-documented best practices and procedures, the policies enable an organization to manage business risk through defined controls that provide a benchmark for audit and corrective action. Notable policies and best practices include:

• Computing Policies and Guidelines
• Information Security Best Practices
• Policy on Acceptable Use of Electronic Resources
• Policy on Unauthorized Copying of Copyrighted Media
• Policy on Computer Disconnection from PennNet

Procedures

• Response to a Compromised Computer with Sensitive Data
• PGP Key Signing Procedure

Guidelines

• Security Logging Guidelines
• Penn Data Risk Classification
• Use of Penn+Box and Amazon Web Services
• Computer Security Incident Handling

Best Practices

• Information Security Best Practices
• Secure Backup Best Practice

Statements

• The University of Pennsylvania Statement on Security Vulnerability Reporting and Bug Bounties

Forms

• Employee Exit IT Checklist