Standards & Guidelines

Information Security is guided by University Policy 311 Information Security and the internationally recognized ISO/IEC 27002 code of practice. Standards and guidelines support Policy 311:

  • Standards outline the minimum requirements designed to address certain risks and specific requirements that ensure compliance with Policy 311. These provide a basis for verifying compliance through audits and assessments. All units must comply with the standards by following prescribed procedures or by developing unit-specific procedures that meet or exceed the minimum requirements established by the standards.
  • Guidelines offer general recommendations or instructions that provide a framework for achieving compliance with standards. They are more technical in nature and are updated on a more frequent basis to account for changes in technology and/or University practices.

Access Control

Business Continuity Management

Communications Security


Data Management

Encryption and Cryptographic Controls

Human Resources Security

Information Security Incident Management

Information Security Organization

Mobile and Remote Access

Operations Security

Physical and Environmental Security

System Acquisition, Development and Maintenance

Vendors and External Parties