Policies, Standards, Guidelines, Procedures, and Forms

Information security is governed primarily by Cal Poly's Information Security Program (ISP) and Responsible Use Policy (RUP). The ISP and RUP are supplemented by additional policies, standards, guidelines, procedures, and forms designed to ensure campus compliance with applicable policies, laws and regulations.

To help safeguard and secure campus information and information resources, all users and campus departments are expected to adhere to these policies and standards where applicable or to request an exception. These policies are not intended to prevent, prohibit or inhibit the sanctioned use of campus information assets as required to meet Cal Poly's core mission and academic and administrative goals.

Please report suspected violations to abuse@calpoly.edu and direct comments, questions and other inquiries to iso@calpoly.edu.

All documents linked to on this page are PDF format unless otherwise noted.

Topics	Policies	Standards	Guidelines/Procedures/Forms
Access/Accounts/Authorization	Information Security Program Responsible Use Policy Cal Poly Core Computer Accounts	Managing Computer Accounts	Account Eligibility and Purge Information Account Request Forms Confidentiality Agreements Leaving Cal Poly Password Expiration
Anti-Virus (see Malware)
Appropriate Use	Responsible Use Policy	RUP Overview and Summary	Use of Electronic Recording Devices RUP FAQs RUP Examples of Responsible and Irresponsible Uses RUP Implementation Practices
Asset Management	Information Security Program
Business Continuity and Disaster Recovery	Information Security Program		Cal Poly Business Continuity Plan
Classification, Handling, and Protection of Information	Information Security Program Responsible Use Policy	Information Classification and Handling Standard Computing Devices Standard	Encryption Methods and Recommended Practices How to Encrypt Items How to Open Encrypted Items How to Encrypt Full Disk How to Decrypt Full Disk Using Zimbra Briefcase to Share Protected Files
Commercial Use	Responsible Use Policy
Computer Crimes	Responsible Use Policy Computer Crimes Policy		Removing Networked Devices from the Cal Poly Network
Computer/Device Security	Information Security Program Responsible Use Policy	Computing Devices Standard	Information Security Risk Asset Definition Computing Device: Configuration (server) Cooling and Backup Power Guide (DOCX) Fire Notification and Equipment Guide (DOCX) Computing Device: Documentation (server) Computing Device: Configuration (nonserver) Computing Device: Documentation (nonserver) Computing Devices Inventory - for both server and non-server devices (XLSX) Equipment Decommissioning Checklist - for both server and non-server devices (DOCX)
Confidentiality and Privacy	Information Security Program Responsible Use Policy FERPA Policy on Student Access to their Records Use and Release of Student Information (FERPA) Confidentiality of Library Records HIPAA		Confidentiality Security Agreements FERPA FAQs Security Breach Notifications (1386) University Advancement Security and Confidentiality Agreement
Copier/Printer Security	Information Security Program Responsible Use Policy	Computing Devices Standard	White Paper: Canon imageRUNNER Security (PDF) AFD Response to imageRUNNER Security White Paper (PDF) AFD ANTS Technical Documents: Canon Copier Configuration (DOC) How to use the "Initialize All Data/Settings Option" on Canon Devices (PDF)
Copyright, Trademark, and Patents	Responsible Use Policy	Compliance with HEOA Peer-to-Peer File Sharing Requirements	DMCA Procedures: Cal Poly Response to Copyright Infringement Claims DMCA Notifications Procedures Cal Poly Trademark Licensing OSSR Student Conduct Process
Disposition of Protected Data and University Devices	Information Security Program Responsible Use Policy	Disposition of Protected Data Standard Record Retention and Disposition Standard Electronic Mail Retention Standard	Confidential Shred Services Record Retention and Disposition Schedules Designated Information Authorities of CP Records Property Procedures
Dropbox Services	Information Security Program	Information Classification and Handling Standard	Dropbox Guidance
Electronic Mail	Responsible Use Policy Electronic Mail Policies	Electronic Mail Retention Standard Administration of Decentralized Electronic Mail Standard	Electronic Mail and Messaging: Reporting Policy Violations How to View Full Message ARPA Headers Electronic Mail Guidelines and Related Procedures
Encryption	Information Security Program	Information Classification and Handling Standard Computing Devices Standard	Encryption Methods and Recommended Practices How to Encrypt Items How to Open Encrypted Items How to Encrypt Full Disk How to Decrypt Full Disk
FERPA	FERPA Policies and Procedures		FERPA FAQs FERPA Summary Information
Harassment	Responsible Use Policy Electronic Mail and Messaging Policy		Employment Equity Complaint Process
HIPAA	CSU HIPAA Policy
Identity Theft	Information Security Program (Red Flag Rule)		Identity Theft Resource Center
Incident Response and Management	Information Security Program Responsible Use Policy	Computing Devices Standard Incident Response Program Standard	RUP Implementation Practice Reporting Abuse IT Policy Violation Notification Litigation Holds Guidelines
Litigation Holds	Information Security Program	Electronic Mail Retention Standard	Litigation Holds Guidelines
Malware (e.g., Viruses, Worms, Spyware)	Information Security Program Responsible Use Policy Computer Crimes Policy	Computing Devices Standard	Removal, FAQs, and Reporting Procedures Potentially Infected Computer Notification to Users
Network Security (see also Wireless Network)	Information Security Program Responsible Use Policy	Network Security Network Configuration Compliance Cal Poly Network Communication Devices: Standards and Responsibilities Residence Hall Student Computing Agreement	Attaching Network Communication Devices to the Cal Poly Network Removing Networked Devices from the Cal Poly Network Exception Procedure for Connecting Non-Standard Equipment to the Network
Organization/Governance	Information Security Program		Information Security Coordinators Designated Information Authorities of CP Records Security Contacts
Passwords	Information Security Program Responsible Use Policy	Cal Poly Passwords	Password Expiration
Payment Card Industry Data Security Standards	Information Security Program	Payment Card Industry Data Security Standards
Peer-to-Peer File Sharing (see Copyright, Trademark, and Patents)
Personnel Security	Information Security Program		Confidentiality Security Agreements
Phishing	Responsible Use Policy Electronic Mail and Messaging Policy		Reporting Abuse- Email Procedures Email Scams and Hoaxes
Physical Security	Information Security Program
Policy Management	Information Security Program
Political Advocacy	Responsible Use Policy
Recording Devices	Responsible Use Policy		Use of Electronic Recording Devices
Record Retention/Disposition	Information Security Program	Record Retention and Disposition Standard Email Retention Standard	Record Retention and Disposition Schedules Designated Information Authorities of CP Records
Risk Management/Assessment	Information Security Program	Risk Self-Assessment Standard	Risk Self-Assessment Form Level 1 Information Asset Form for workstations (XLS) Level 1 and 2 Information Asset Form for servers (XLS) Information Security Coordinators
Security Awareness Training	Information Security Program		Information Security Awareness Training Handout Security Training, Materials, and Presentations
Software/System Acquisition (see also Web Applications)	Information Security Program Responsible Use Policy Software Acquisition Policy	Software Acquisition Standards	Software Decision Process Technology Purchases Electronic and Information Technology (E&IT) Acquisition Checklist (DOC)
SPAM	Responsible Use Policy Electronic Mail and Messaging Policy		SPAM Alerts Reporting SPAM
Third Party Contracts	Information Security Program Software Acquisition Policy	Software Acquisition Standards	Software Acquisition Process Technology Purchases Electronic and Information Technology (E&IT) Acquisition Checklist (DOC)
Viruses/Worms (see Malware)
Web Applications	Information Security Program Responsible Use Policy Software Acquisition Policy	Software Acquisition Standards Web Application: Approval Process Web Application: Security Vulnerabilities Web Application: Software Testing Web Application: Version Control	Software Decision Process Technology Purchases Electronic and Information Technology (E&IT) Acquisition Checklist (DOC) Compliance Process Guide (WARC)
Websites and Accessibility to Digital Content	Responsible Use Policy	Web Accessibility Standards	Compliance Process Guide (WARC)
Wireless Networks	Information Security Program Responsible Use Policy University Airwaves Policy	Wireless Airwaves Standards	Attaching Network Communication Devices to the Cal Poly Network Removing Networked Devices from the Cal Poly Network Exception Procedure for Connecting Non-Standard Equipment to the Network Wireless Clicker (Classroom Response System) FAQs Wireless Clicker (Classroom Response System) Strategy

Navigation

Information Security

Quick References

Policies and Laws

Contacts

Policies, Standards, Guidelines, Procedures, and Forms