Policies & Practices-Computing Services ISO - Carnegie Mellon University

Policies & Practices

The Information Security Office (ISO) is responsible for the development and maintenance of policies, procedures and guidelines that focus on the protection of information and information systems across the University. Click here for an index of all ISO publications or select the appropriate link in the left navigation menu for more information.

Information Security Policy Roadmap

In December 2008, the University implemented a new Information Security Policy.  The Information Security Office is currently working to publish a collection of documents that will help interpret this new policy. An advisory committee has been formed to gain valuable feedback from IT leadership across the University on this effort. The following is a list of deliverables that the Information Security Office has committed to in the security policy roadmap.

  1. Information Security Policy
  2. Information Security Roles & Responsibilities
  3. Guidelines for Data Classification
  4. Guidelines for Data Protection
  5. Guidelines for Data Handling
  6. Procedures for Responding to a Security Breach
  7. Procedures for Policy Exception Handling
  8. Guidelines for Data Retention

NOTE: Some of the above documents may still be in draft form and subject to change. Those without links have not been started or are still under initial development by the Information Security Office.
