Critical PennNet Components

A critical component is a  server or application which, if compromised, could significantly harm the University. Schools and centers may optionally designate any hosts as critical if its compromise could significantly harm the local unit. Examples of significant harm could include legal liability, reputational damage, interruption of critical business functions, and disclosure of confidential information.

Penn's Computer Security Policy

The Computer Security Policy can be read in full at the following URL:

http://www.upenn.edu/computing/group/npc/approved/20100308-computersecurity.html

It defines requirements for servers that store confidential or operational University data (see the policy for a definition of these terms), including devices hosted on third-party networks by outside service providers. One of the requirements is registration as a Critical Component.

Critical Components Registration

https://medley.isc-seo.upenn.edu/criticalComponents/jsp/fast.do

To access this application you will need to have an account setup by your security liaison. If you are unsure who this is, please contact our office at security@isc.upenn.edu.