Policies, Standards, Guidelines, Procedures, and Forms

Information security is governed primarily by Cal Poly's Information Security Program (ISP) and Responsible Use Policy (RUP). The ISP and RUP are supplemented by additional policies, standards, guidelines, procedures, and forms designed to ensure campus compliance with applicable policies, laws and regulations.

To help safeguard and secure campus information and information resources, all users and campus departments are expected to adhere to these policies and standards where applicable or to request an exception. These policies are not intended to prevent, prohibit or inhibit the sanctioned use of campus information assets as required to meet Cal Poly's core mission and academic and administrative goals.

Please report suspected violations to abuse@calpoly.edu and direct comments, questions and other inquiries to infosec@calpoly.edu.

All documents linked to on this page are in PDF format unless otherwise noted.

Topics Policies Standards Guidelines/Procedures/Forms
Access/Accounts/Authorization

Information Security Program (ISP)

 

Responsible Use Policy

 

Cal Poly Core Computer Accounts

Managing Computer Accounts

Account Eligibility and Purge Information

 

Account Request Forms

 

Confidentiality Agreements

 

Data Disposition Guidelines for Employees Whose Status Changes

 

Password Expiration

Anti-Virus (see Malware)      
Appropriate Use Responsible Use Policy RUP Overview and Summary

RUP FAQs

 

RUP Examples of Responsible and Irresponsible Uses

 

RUP Implementation Practices

 

Use of Electronic Recording Devices

Asset Management Information Security Program (ISP)    
Business Continuity and Disaster Recovery Information Security Program (ISP)   Cal Poly Business Continuity Planning
Classification, Handling, and Protection of Information

Information Security Program (ISP)

 

Responsible Use Policy

Information Classification and Handling Standard

 

Computing Devices Standard

 

 

Encryption Methods and Recommended Practices

 

 

 

Commercial Use Responsible Use Policy    
Computer Crimes

Responsible Use Policy

 

Computer Crimes Policy

   
Computer/Device Security

Information Security Program (ISP)

 

Responsible Use Policy

Computing Devices Standard

 

Vulnerability Assessment and Management Standard

 

Information Security Risk Asset Definition and Risk Asset Examples

 

Computing Device: Configuration (server)

Computing Devices Inventory - for both server and non-server devices (XLSX)

 

Equipment Decommissioning Checklist - for both server and non-server devices (DOCX)

Confidentiality and Privacy

Information Security Program (ISP)

 

Responsible Use Policy

 

Use and Release of Student Information (FERPA)

 

HIPAA

 

Confidentiality of Library Records

 

Privacy Notice

 

Confidentiality Security Agreements

 

Security Breach Notifications (1386)

 

University Advancement Security and Confidentiality Agreement

Copier/Printer Security

 

Information Security Program (ISP)

 

Responsible Use Policy

Computing Devices Standard

White Paper: Canon imageRUNNER Security (PDF)

 

AFD Response to imageRUNNER Security White Paper (PDF)

 

AFD ANTS Technical Documents: Canon Copier Configuration (DOC)

 

How to use the "Initialize All Data/Settings Option" on Canon Devices (PDF)

Copyright, Trademark, and Patents Responsible Use Policy Compliance with HEOA Peer-to-Peer File Sharing Requirements

DMCA Procedures: Cal Poly Response to Copyright Infringement Claims

 

DMCA Notifications Procedures

 

Cal Poly Trademark Licensing

 

OSSR Student Conduct Process

Disposition of Protected Data and University Devices

Information Security Program (ISP)

 

Responsible Use Policy

Disposition of Protected Data Standard

 

Record Retention and Disposition Standard

 

Email Retention Standard

Confidential Shred Services

 

ITS Storage Media Disposal Form (DOC)

 

Data Disposition Guidelines for Employees Whose Status Changes

 

Record Retention and Disposition Schedules

 

Designated Information Authorities of CP Records

 

Property Procedures

Dropbox Services Information Security Program (ISP) Information Classification and Handling Standard

Data and Cloud Storage & Sharing (OneDrive)

Electronic Mail

Responsible Use Policy

 

Electronic Mail Policies

 

Email Retention Standard

 

 

Electronic Mail and Messaging: Reporting Policy Violations

 

Reporting Phishing Emails with ARPA Headers

 

Electronic Mail Guidelines and Related Procedures

 

Data Disposition Guidelines for Employees Whose Status Changes

Encryption Information Security Program (ISP)

Information Classification and Handling Standard

 

Computing Devices Standard

Encryption Methods and Recommended Practices

 

Family Educational Rights and Privacy Act (FERPA)

A Summary of FERPA

Student Access to Records

Records Maintained by Cal Poly

FERPA FAQs

Departmental FERPA Release Form

Harassment

Responsible Use Policy

 

Electronic Mail and Messaging Policy

  Equal Opportunity Office Complaint Process
HIPAA CSU HIPAA Policy  

 

Information and Communication Technology (ICT) Decisions

Information Security Program (ISP)

 

ICT Decisions Policy

 

Accessible Technology Initiative

ICT Decisions Standard and Responsibilities

 

Section 508 Standards

 

ICT Refresh Standards (Section 508 and Section 255)

ICT Decision Review Process and Overview

Process Flow and Related Forms (Online Form, VPAT, EEAAP, etc.)

 

HECVAT 

 

Third-Party Vendor Review Process Flow

Identity Theft Information Security Program (ISP) Identity Theft (Red Flag) Program and Security Incident Reporting Procedure

Identity Theft Resource Center

Incident Response and Management

Information Security Program (ISP)

 

Responsible Use Policy

Computing Devices Standard

 

Incident Response Program Standard

RUP Implementation Practice

 

Reporting Abuse

 

IT Policy Violation Notification

 

Litigation Holds Guidelines

Litigation Holds Information Security Program (ISP) Email Retention Standard

Litigation Holds Guidelines

Malware (e.g., Viruses, Worms, Spyware)

Information Security Program (ISP)

 

Responsible Use Policy

 

Computer Crimes Policy

Computing Devices Standard

Removal, FAQs, and Reporting Procedures

 

Potentially Infected Computer Notification to Users

Network Security (see also Wireless Network)

Information Security Program (ISP)

 

Responsible Use Policy

Network Security

 

Network Configuration Compliance

 

Devices: Standards and Responsibilities

 

Residence Hall Student Computing Agreement

Exception Procedure for Connecting Non-Standard Equipment to the Network

Organization/Governance Information Security Program (ISP)  

Designated Information Authorities of CP Records

 

Security Contacts

Passwords

Information Security Program (ISP)

 

Responsible Use Policy

Cal Poly Passwords Password Expiration
Payment Card Industry Data Security Standards Information Security Program (ISP) Payment Card Industry Data Security Standards  
Peer-to-Peer File Sharing (see Copyright, Trademark, and Patents)      
Personnel Security Information Security Program (ISP)   Confidentiality Security Agreements
Phishing

Responsible Use Policy

 

Electronic Mail and Messaging Policy

 

Report Phishing and Spam

 

What is Phishing?

Physical Security Information Security Program (ISP)    
Policy Management Cal Poly Administrative Policy    
Political Advocacy Responsible Use Policy    
Recording Devices Responsible Use Policy   Use of Electronic Recording Devices
Record Retention/Disposition Information Security Program (ISP)

Record Retention and Disposition Standard

 

Email Retention Standard

Record Retention and Disposition Schedules

 

Data Disposition Guidelines for Employees Whose Status Changes

 

Designated Information Authorities of CP Records

Risk Management/Assessment Information Security Program (ISP)

Risk Self-Assessment Standard

 

Vulnerability Assessment and Management Standard

Level 1 Information Asset Form for workstations (XLS)

 

Information Security Risk Asset Definition and Risk Asset Examples

Security Awareness Training Information Security Program (ISP)  

Information Security Awareness Training Resources

Software/System Acquisition (see also Electronic & Information Technology Decisions, Web Applications)

Information Security Program (ISP)

 

ICT Decisions Policy

 

Accessible Technology Initiative

ICT Decisions Standard and Responsibilities

 

Section 508 Standards

 

ICT Refresh Standards (Section 508 and Section 255)

ICT Decision Review Process and Overview

Process Flow and Related Forms (Online Form, VPAT, EEAAP, etc.)

 

HECVAT Light and Full forms.

 

Third-Party Vendor Review Process Flow

 

Technology Purchases

SPAM

Responsible Use Policy

 

Electronic Mail and Messaging Policy

 

SPAM Alerts

Reporting SPAM

Third Party Contracts

Information Security Program (ISP)

 

ICT Decisions Policy

 

Accessible Technology Initiative

ICT Decisions Standard and Responsibilities

 

Section 508 Standards

 

ICT Refresh Standards (Section 508 and Section 255)

 

ICT Decision Review Process and Overview

Process Flow and Related Forms (Online Form, VPAT, EEAAP, etc.)

 

HECVAT 

 

Third-Party Vendor Review Process Flow

 

 

Technology Purchases

Viruses/Worms (see Malware)      
Web Applications, Websites, and Accessibility to Digital Content

Information Security Program (ISP)

 

Responsible Use Policy

 

ICT Decisions Policy

 

Accessible Technology Initiative

ICT Decisions Standard and Responsibilities

 

Section 508 Standards

 

ICT Refresh Standards (Section 508 and Section 255)

 

Web Accessibility Standards

 

Web Application: Approval Process

 

Web Application: Development Standard

 

Web Application: Security Vulnerabilities

 

Web Application: Software Testing

 

Web Application: Version Control

 

ICT Decision Review Process and Overview

Process Flow and Related Forms (Online Form, VPAT, EEAAP, etc.)

 

Technology Purchases

 

Information Security Risk Asset Definition and Risk Asset Examples

Wireless Networks

Information Security Program (ISP)

 

Responsible Use Policy

 

Two-Way Radio Communications in VHF and UHF Bands

 

Exception Procedure for Connecting Non-Standard Equipment to the Network

 

Wireless Clicker (Classroom Response System) FAQs

 

Wireless Clicker (Classroom Response System) Strategy

 

Contact Us

Contact Information Security at 756-7000
