Information Security Standards
As required under Policy 104, Acceptable Use and Security of UBC Electronic Information and Systems, the CIO has published Information Security Standards, which are mandatory for all Users of UBC Electronic Information and Systems. To learn more about the application of these standards, see the roles and responsibilities table.
The Standards are listed in the tables below, along with resources to assist Users with compliance. While these resources are very useful, they are not mandatory unless explicitly stated. Recognizing that it will take time to fully meet all of the requirements in the Standards, Faculties and Departments are expected to gradually implement these requirements over time. See the example implementation roadmap for more information. Each Faculty and Department is responsible for creating its own implementation roadmap, based on risk and resource considerations.
- Faculty and Staff - should read and take personal responsibility for meeting the requirements in the User Standards #1 to #10.
- University IT Support Staff - should read and take responsibility for meeting the requirements in the Management and Technical Standards #11 to #20, in addition to their personal responsibility for the User Standards and providing assistance for Users in meeting the User Standards as necessary.
- Administrative Heads of Unit - should understand what Standards exist, and take the necessary steps to delegate the responsibility to the appropriate individuals for implementation.
The Standards, associated resources and example implementation roadmap were originally published in August 2014 and they are subject to periodic reviews to adapt to changing expectations and risks. In 2018, an Information Security Standard review cycle began, resulting in updates being made to the following standards:
#1 Security Classification of UBC Electronic Information #2 Password and Passphrase Protection #3 Transmission and Sharing of UBC Electronic Information #5 Encryption Requirements #14 Vulnerability Management
A single PDF version of the all the Information Security Standards is also available: Download the PDF
Standards for All Users
Management and Technical Standards