Standards & Guidelines

Information Security is guided by University Policy 311 Information Security and the internationally recognized ISO/IEC 27002 code of practice. Standards and guidelines support Policy 311:

  • Standards outline the minimum requirements designed to address certain risks and specific requirements that ensure compliance with Policy 311. These provide a basis for verifying compliance through audits and assessments. All units must comply with the standards by following prescribed procedures or by developing unit-specific procedures that meet or exceed the minimum requirements established by the standards.
  • Guidelines offer general recommendations or instructions that provide a framework for achieving compliance with standards. They are more technical in nature and are updated on a more frequent basis to account for changes in technology and/or University practices.