Policy, Standards & Resources

Information Security Standards

As provided under the Information Systems Policy (SC14), mandatory rules governing the use and protection of University data and computing resources have been issued. These rules are referred to as the Information Security Standards (“Standards”).

This page provides a current copy of the Standards for reference and operational use. The official, authoritative version is published in UBC's policy repository, as set out in the Regulatory Framework Policy (GA2).

All Users of UBC Electronic Information and Systems are responsible and accountable for complying with these Standards. 

The Standards are divided into two categories: User Standards (prefixed with a 'U') and Management and Technical Standards (prefixed with an 'M'). They are linked in the tables below, along with resources and links to assist Users with compliance.

To learn more about the application of these Standards and how specific audiences should approach them, see the Roles & Responsibilities:

For more information about the Standards, see our Frequently Asked Questions. For a complete list of definitions of the dotted underlined terms used in the Standards, see the Glossary.

A single page containing all the Information Security Standards is also available: 
View all standards

Std #Legacy Std #StandardLast Revised

Standards for All Users

U1#1

Security Classification of UBC Electronic Information and Services

2026-03
U2#2

Passphrase and Password Protection

2025-03
U3#3

Transmission and Sharing of UBC Electronic Information

2025-03
U4#4

Reporting Cybersecurity Incidents

2025-03
U5#5

Encryption Requirements

2025-03
U6#6

Working Remotely

2023-10
U7#7

Securing Computing and Mobile Storage Devices/Media

2026-01
U8#8

Destruction of UBC Electronic Information

2022-01
U9#9

Outsourcing and Service Provider Management

2025-03
U10#10

Accessing Electronic Accounts of Other Users

2024-03
U11n/a

Securing Internet of Things (IoT) Devices

2026-01
U12n/a

Restricted Software and Services

2025-03

Management and Technical Standards

M1#21

Requesting Variances

2025-03
M2#11User Account Management2021-01
M3#12

Privileged Account Management

2025-03
M4#13Securing User Accounts2026-01
M5#14

Vulnerability Management

2026-01
M6#15Security of Wi-Fi Infrastructure2021-01
M7#16

Cryptographic Controls

2026-01
M8#17Logging and Monitoring of UBC Systems2025-03
M9#18Physical Security of UBC Data Centres2021-01
M10#19

Security Architecture and Firewalls (formerly Internet-facing Systems)

2026-01
M11#20

Development and Modification of Software Applications

2025-03

Feedback

The Standards are subject to periodic reviews to adapt to changing expectations and risks. We encourage you to provide feedback by email to privacy.matters@ubc.ca.

Page last updated on April 2, 2026

Office of the CIO

6356 Agricultural Road
Vancouver, BC Canada
V6T 1Z2
604 822 3634
E-mail ubc.cio@ubc.ca

Related Sites

Need Help?

Urgent Message An exclamation mark in a speech bubble. Bluesky The logo for the Bluesky social media service. Bookmark A bookmark in a book. Browser A web browser window. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Time A clock. Chats Two speech clouds. E-commerce Cart A shopping cart. Facebook The logo for the Facebook social media service. Help A question mark in a circle. Home A house in silhouette. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Locked A locked padlock. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Pencil A pencil indicating that this is editable. Telephone An antique telephone. Play A media play button. Plus A plus symbol indicating more or the ability to add. Print A printer pushing out a piece of paper. Search A magnifying glass. Settings A single gear. Arrow indicating share action A directional arrow. Speech Bubble A speech bubble. Star An outline of a star. Twitter / X The logo for the X (aka, Twitter) social media service. User A silhouette of a person. Vimeo The logo for the Vimeo video sharing service. Youtube The logo for the YouTube video sharing service.