Cal Poly Information Security Standards

To help safeguard and secure campus information and information resources, all users and campus departments are expected to adhere to these standards where applicable, or to request an exception.

Accounts

• Managing Computer Accounts Standard

Data Management

• Information Classification and Handling Standard
• Record Retention and Disposition Standard
• Risk Self-Assessment and Inventory Standard

Device Management

• Computing Devices Standard
• Disposition of Protected Data Standard [PDF]
• Vulnerability Assessment and Management Standard

Information and Communication Technology (ICT) Decisions

• ICT Decisions Standard
• ICT Decisions Standard - Responsibilities

Electronic Mail

• Administration of Decentralized Email Systems Standard
• Email Retention Standard

Incident Response

• Identity Theft (Red Flag) Program and Security Incident Reporting Procedure
• Incident Response Program Standard

Networking

• Network Configuration Compliance Standard
• Network Security Standard

Passwords

• Cal Poly Passwords Standard

Web Applications

• Web Application Approval Process Standard
• Web Application Development Standard
• Web Application Security Vulnerabilities Standard
• Web Application Software Testing Standard
• Web Application Version Control Standard

Exception Requests

• IT / Information Security Exception Request Process