Please Review: Information Security Roles and Responsibilities Policy

February 17, 2021

Dear Colleagues, 

In April 2020, the Berkeley Information Security Office (ISO) sent a proposed new Roles and Responsibilities Policy for comment. This Policy consolidates information security-related roles and responsibilities from UC Berkeley and UC’s systemwide Electronic Information Security Policy, IS-3. It applies to all individuals who use or access UC Berkeley institutional information or IT resources.

Since then, revisions have been made to the proposed policy to integrate feedback from the review period, plus some additional IS-3 requirements. All are listed in the policy’s change log. The updated version of the policy is now being shared to ensure the campus community has another chance to review it before we finalize the formal campus review process. 

Next Steps

This announcement opens a new campus-wide comment period for this draft Policy which will end on March 17, 2021. We encourage you to take this opportunity to review and share your views during the comment period. 

As a reminder, this new policy specifically addresses the definition, identification, and clarification of roles and responsibilities at UC Berkeley with respect to the security and protection of institutional information and IT resources. The Policy was drafted to be consistent with existing information security-related roles and responsibilities at UC Berkeley and incorporates key responsibilities identified in IS-3.

Thank you for your attention to this important policy process.


Jenn Stringer, Associate Vice Chancellor for IT and Chief Information Officer
Allison Henry, Chief Information Security Officer

Related links: Electronic Information Security Policy, IS-3 | Information Security Office

This message was sent to all staff, faculty, and student employees. If you are a manager who supervises UC Berkeley employees without email access, please circulate this information to all.