In October 2019, an updated version of UC Electronic Information Security IS-3 Policy was released system-wide and was a major overhaul of the previous version. All UC locations were required to align their information security programs with this new policy and related standards. Given the enormous change required, at UCI we have planned the rollout and implementation in multiple phases.
FY23/24 (Currently In Progress)
- Supplier Security Review Process Streamlining
- Campus ISMP and IRP Updates
- Template for Unit Incident Response Plan
- Risk Assessment Process / OneTrust User Experience Improvements
- Update/Retire relevant UCI Administrative Security Policies, Standards, Guidelines
- Redesigned Risk Register and UC Metrics
FY22/23
- Redesigned information security website with new content and improved organization
- UCI Information Security Standard v1.1 published
- Focus on Unit resources and “UISL toolkit”
- Template for Unit Information Security Management Plan
- Classification and Handling P3/P4 Data Training in UCLC
- PDSI/OneTrust User Experience Improvements
FY21/22
- Implement new security ITRM/GRC tool (OneTrust)
- Migrate risk assessments from SRAQ to OneTrust
- Migrate sensitive data inventory from EIRIS to OneTrust (PDSI)
FY20/21
- Security Exception Process defined
- UCI Information Security Standard v1.0 draft review with stakeholders
- Initial Risk Register documented
- Evaluate new security ITRM/GRC tools
FY19/20
- Begin socialization of updated IS-3 policy to campus
- Unit Head and Unit Information Security Lead roles assigned on campus
- Data classification training and resources published
- Third-party review process with new Appendix DS
- Campus Information Security Management Plan (ISMP) v1.0 documented
- Campus Incident Response Plan (IRP) updated to align with new standard