Carnegie Mellon University

The Information Security Office (ISO) is responsible for the development and maintenance of policies, procedures, guidelines, and guidance that focus on the protection of information and information systems across the University. Select the appropriate link in the sidebar.

Policies are University level policies that apply to all Carnegie Mellon affiliates, and failure to comply with policies may result in sanctions.

Guidelines give more specific requirements on various topics that allow the University to meet it's policy and compliance requirements.

Guidance is information that the Information Security Office has been asked to give an opinion on that may be useful to the larger University community.

Procedures are specific steps to follow to obtain a result that meets guidelines.