Quick References

Policies, Standards, Guidelines, Procedures, and Forms

Information security is governed primarily by Cal Poly's Information Security Program (ISP) and Responsible Use Policy (RUP). The ISP and RUP are supplemented by additional policies, standards, guidelines, procedures, and forms designed to ensure campus compliance with applicable policies, laws and regulations.

To help safeguard and secure campus information and information resources, all users and campus departments are expected to adhere to these policies and standards where applicable or to request an exception. These policies are not intended to prevent, prohibit or inhibit the sanctioned use of campus information assets as required to meet Cal Poly's core mission and academic and administrative goals.

Please report suspected violations to abuse@calpoly.edu and direct comments, questions and other inquiries to iso@calpoly.edu.

All documents linked to on this page are PDF format unless otherwise noted.

Topics Policies Standards Guidelines/Procedures/Forms
Access/Accounts/Authorization

Information Security Program

 

Responsible Use Policy

 

Cal Poly Core Computer Accounts

Managing Computer Accounts

Account Eligibility and Purge Information

Account Request Forms

Confidentiality Agreements

Data Disposition Guidelines for Employees Whose Status Changes

Leaving Cal Poly

Password Expiration

Anti-Virus (see Malware)      
Appropriate Use Responsible Use Policy RUP Overview and Summary

Use of Electronic Recording Devices

RUP FAQs

RUP Examples of Responsible and Irresponsible Uses

RUP Implementation Practices

Asset Management Information Security Program    
Business Continuity and Disaster Recovery Information Security Program   Cal Poly Business Continuity Plan
Classification, Handling, and Protection of Information

Information Security Program

 

Responsible Use Policy

Information Classification and Handling Standard

 

Computing Devices Standard

 

 

Encryption Methods and Recommended Practices

 

 

 

Commercial Use Responsible Use Policy    
Computer Crimes

Responsible Use Policy

 

Computer Crimes Policy

 

Removing Networked Devices from the Cal Poly Network

Computer/Device Security

Information Security Program

 

Responsible Use Policy

Computing Devices Standard

 

Vulnerability Assessment and Management Standard

 

Information Security Risk Asset Definition and Risk Asset Examples

 

Computing Device: Configuration (server)

Computing Device: Documentation (server)

Computing Device: Configuration (nonserver)

Computing Device: Documentation (nonserver)

Computing Devices Inventory - for both server and non-server devices (XLSX)

Equipment Decommissioning Checklist - for both server and non-server devices (DOCX)

Confidentiality and Privacy

Information Security Program

 

Responsible Use Policy

 

Use and Release of Student Information (FERPA)

 

Confidentiality of Library Records

HIPAA

 

Confidentiality Security Agreements

 

Security Breach Notifications (1386)

 

University Advancement Security and Confidentiality Agreement

Copier/Printer Security

 

Information Security Program

 

Responsible Use Policy

Computing Devices Standard

White Paper: Canon imageRUNNER Security (PDF)

AFD Response to imageRUNNER Security White Paper (PDF)

AFD ANTS Technical Documents: Canon Copier Configuration (DOC)

How to use the "Initialize All Data/Settings Option" on Canon Devices (PDF)

Copyright, Trademark, and Patents

Responsible Use Policy

Compliance with HEOA Peer-to-Peer File Sharing Requirements

DMCA Procedures: Cal Poly Response to Copyright Infringement Claims

 

DMCA Notifications Procedures

 

Cal Poly Trademark Licensing

 

OSSR Student Conduct Process

Disposition of Protected Data and University Devices

Information Security Program

 

Responsible Use Policy

Disposition of Protected Data Standard

 

Record Retention and Disposition Standard

 

Email Retention Standard

Confidential Shred Services

 

ITS Storage Media Disposal Form (DOC)

 

Data Disposition Guidelines for Employees Whose Status Changes

 

Record Retention and Disposition Schedules

 

Designated Information Authorities of CP Records

 

Property Procedures

Dropbox Services Information Security Program Information Classification and Handling Standard Dropbox Guidance
Electronic Mail

Responsible Use Policy

 

Electronic Mail Policies

 

Email Retention Standard

 

Administration of Decentralized Electronic Mail Standard

Electronic Mail and Messaging: Reporting Policy Violations

 

How to View Full Message ARPA Headers

 

Electronic Mail Guidelines and Related Procedures

 

Data Disposition Guidelines for Employees Whose Status Changes

Encryption Information Security Program

Information Classification and Handling Standard

 

Computing Devices Standard

Encryption Methods and Recommended Practices

 

Family Educational Rights and Privacy Act (FERPA)

A Summary of FERPA

Student Access to Records

Records Maintained by Cal Poly FERPA FAQs
Harassment

Responsible Use Policy

 

Electronic Mail and Messaging Policy

  Employment Equity Complaint Process
HIPAA CSU HIPAA Policy    
Identity Theft Information Security Program (Red Flag Rule) Identity Theft (Red Flag) Program and Security Incident Reporting Procedure

Identity Theft Resource Center

Incident Response and Management

Information Security Program

 

Responsible Use Policy

Computing Devices Standard

 

Incident Response Program Standard

RUP Implementation Practice

 

Reporting Abuse

 

IT Policy Violation Notification

 

Litigation Holds Guidelines

Litigation Holds Information Security Program Email Retention Standard

Litigation Holds Guidelines

Malware (e.g., Viruses, Worms, Spyware)

Information Security Program

 

Responsible Use Policy

 

Computer Crimes Policy

Computing Devices Standard

Removal, FAQs, and Reporting Procedures

 

Potentially Infected Computer Notification to Users

Network Security (see also Wireless Network)

Information Security Program

 

Responsible Use Policy

Network Security

 

Network Configuration Compliance

 

Cal Poly Network Communication

Devices: Standards and Responsibilities

 

Residence Hall Student Computing Agreement

Attaching Network Communication Devices to the Cal Poly Network

 

Removing Networked Devices from the Cal Poly Network

 

Exception Procedure for Connecting Non-Standard Equipment to the Network

Organization/Governance Information Security Program  

Information Security Coordinators

 

Designated Information Authorities of CP Records

 

Security Contacts

Passwords

Information Security Program

 

Responsible Use Policy

Cal Poly Passwords Password Expiration
Payment Card Industry Data Security Standards Information Security Program Payment Card Industry Data Security Standards  
Peer-to-Peer File Sharing (see Copyright, Trademark, and Patents)      
Personnel Security

Information Security Program

  Confidentiality Security Agreements
Phishing

Responsible Use Policy

 

Electronic Mail and Messaging Policy

 

Reporting Abuse - Email Procedures

 

What is Phishing?

Physical Security Information Security Program    
Policy Management Information Security Program    
Political Advocacy Responsible Use Policy    
Recording Devices Responsible Use Policy   Use of Electronic Recording Devices
Record Retention/Disposition Information Security Program

Record Retention and Disposition Standard

 

Email Retention Standard

Record Retention and Disposition Schedules

 

Data Disposition Guidelines for Employees Whose Status Changes

 

Designated Information Authorities of CP Records

Risk Management/Assessment Information Security Program

Risk Self-Assessment Standard

 

Vulnerability Assessment and Management Standard

Level 1 Information Asset Form for workstations (XLS)

 

Information Security Coordinators

 

Information Security Risk Asset Definition and Risk Asset Examples

Security Awareness Training Information Security Program  

Information Security Awareness Training Handout

 

Security Training, Materials, and Presentations

Software/System Acquisition (see also Web Applications)

Information Security Program

 

Responsible Use Policy

 

Software Acquisition Policy

Software Acquisition Standards

Software Decision Process

 

Technology Purchases

 

Electronic and Information Technology (E&IT) Acquisition Checklist (DOC)

SPAM

Responsible Use Policy

 

Electronic Mail and Messaging Policy

 

SPAM Alerts

Reporting SPAM

Third Party Contracts

Information Security Program

 

Software Acquisition Policy

Software Acquisition Standards

Software Acquisition Process

 

Technology Purchases

 

Electronic and Information Technology (E&IT) Acquisition Checklist (DOC)

Viruses/Worms (see Malware)      
Web Applications

Information Security Program

 

Responsible Use Policy

 

Software Acquisition Policy

Software Acquisition Standards

 

Web Application: Approval Process

 

Web Application: Development Standard

 

Web Application: Security Vulnerabilities

 

Web Application: Software Testing

 

Web Application: Version Control

Software Decision Process

 

Technology Purchases

 

Electronic and Information Technology (E&IT) Acquisition Checklist (DOC)

 

Compliance Process Guide (WARC)

 

Information Security Risk Asset Definition and Risk Asset Examples

Websites and Accessibility to Digital Content Responsible Use Policy Web Accessibility Standards Compliance Process Guide (WARC)
Wireless Networks

Information Security Program

 

Responsible Use Policy

 

University Airwaves Policy

Wireless Airwaves Standards

Attaching Network Communication Devices to the Cal Poly Network

Removing Networked Devices from the Cal Poly Network

Exception Procedure for Connecting Non-Standard Equipment to the Network

Wireless Clicker (Classroom Response System) FAQs

Wireless Clicker (Classroom Response System) Strategy

 

Contact Us

Contact Information Security at 756-7000
