
Information Security Standards

Standards

The Information Security Office, in collaboration with the IT Security Governance Committee, develops standards for the protection of University data and systems. The standards set the minimum necessary controls, but do not relieve the university or its employees, partners, consultants, or vendors of further obligations that may be imposed by law, regulation, or contract. Given that standards may address minimum controls based on data type, data owners must properly classify their data, as outlined in the University's Data Classification Policy, prior to implementing a standard.

Standards, both in final and draft state, are available to anyone with valid Ohio credentials. While draft standards may have slight changes once implemented in their final state, they still provide industry best practices for various facets of information handling.

Exception Process

Those who feel that they cannot meet the obligations set forth in a given Information Security Standard must complete the Information Security Exception Request Form. Requests for exception from an Information Security Standard are reviewed by the Information Security Office, and the risks associated with not meeting the standard are communicated back to the requestor and to the appropriate individuals within the institution who have the authority to accept risk on behalf of the institution, in accordance with the University's Information Security Risk Management Policy (91.006).

Additional Guidance

For topics that are not explicitly referenced above, or for additional guidance, the NIST 800 Series Publications are to be used. The Information Security Office follows NIST as its framework for consultation provided to University departments and within OIT for the prioritization of security controls.