The Information Security Office (ISO) is responsible for the development and maintenance of policies, procedures, guidelines, and guidance that focus on the protection of information and information systems across the University.
University level policies that apply to all Carnegie Mellon affiliates, and failure to comply with policies may result in sanctions.
Guidelines give specific requirements on various topics that allow the University to meet it's policy and compliance obligations.
Procedures are specific steps to follow to obtain a result that meets guidelines.
Guidance is information that the Information Security Office has been asked to give an opinion on that may be useful to the larger University community.