Information Security Standards
As required under Policy 104, Acceptable Use and Security of UBC Electronic Information and Systems, the CIO has published Information Security Standards, which are mandatory for all Users of UBC Electronic Information and Systems. To learn more about the application of these standards, see the roles and responsibilities table.
The Standards are listed in the tables below, along with resources to assist Users with compliance. While these resources are very useful, they are not mandatory unless explicitly stated. Recognizing that it will take time to fully meet all of the requirements in the Standards, Faculties and Departments are expected to gradually implement these requirements over time. See the example implementation roadmap for more information. Each Faculty and Department is responsible for creating its own implementation roadmap, based on risk and resource considerations.
The Standards, associated resources and example implementation roadmap were published in final form on August 15, 2014 to allow Faculties and Departments to start their implementation planning. While the Standards are published as final, they are considered living documents and will be reviewed again in January and July 2015 to address further concerns or questions. For more information about the Standards, see our Frequently Asked Questions. For definitions of the dotted underlined terms used in the Standards, see the Glossary.
A single PDF version of the all the Information Security Standards is also available: Download the PDF
Standards for All Users
Management and Technical Standards
|#11||User Account Management|
|#12||Privileged Account Management|
|#13||Securing User Accounts|
|#17||Logging and Monitoring of UBC Systems|
|#18||Physical Security of UBC Datacentre|
|#19||Internet-Facing Systems and Services|
|#20||Development and Modification of Software Applications||
|#21||Requesting Variances from Information Security Standards|
* This resource is development. Please check back for updates.