Information Security Policies and Standards

Information Security Standards

Information Services has published information security standards to provide a minimum, mandatory baseline at the University of Regina.  These standarda are based on published, external stadards, such as NIST (National Institute of Standards and Technology) and ISO (The International Organization for Standardization) 27001 & 27002.  

University of Regina Policy OPS-080-005 Use of Computer and Network Systems requires authorized users to take appropriate security precautions to protect and secure data, and requires users to keep security measures current.  The standards, below, serves the goal of the policy by providing a target for maintaining and improving information security of the University.  

Information Security Standard	Audience
Password Management Standard	All members of the Univesity community with a computer account.  Associated with the Password Management (OPS-050-035) policy.
Authentication Management Standard	Owners or administrators of applications or systems which control access to University information systems or data.  Associated with the Password Management (OPS-050-035) policy.
Network Printer, Scanner, Fax and Multifunction Device (MFD) Security Standard	Owners or administrators of network printers, scanners, fax or multifunction devices.
Network Firewall Standard	Owners/administrators of externally exposed network services, and owners/administrators of network firewalls.  See announcement and FAQs. To request an open firewall port, please see: https://ursource.uregina.ca/is/forms/openport.html (Log in required).
Bring Your Own Device and Personally Managed Device Standard	Users of personally owned or personally managed device such as smartphones, tablet and desktop computers, laptops, and similar equipment is used to process University data.

Information Risk Classification Framework

Provides classificaiton of information by risk (high, medium, and low), and examples of each type of data.

Data Handling Standard

For each risk level found in the information risk classification, essential, required, and recommended controls are provided to inform the commensurate protection and controls.

Information Security Policies

The following University of Regina policies are applicable to information security. These policies have requirements to support the information security obligations of the University. All policies are under the custodianship of the Executive Director (University Governance).

• Records and Information Management (GOV-070-005)
• Surveys (GOV-070-025)
• Installation and Use of Video Surveillance Systems (OPS-050-015)
• Application Service Providers (OPS-050-020)
• Banner System Security (OPS-050-030)
• Password Management (OPS-050-035)
• Use of Computer and Network Systems (OPS-080-005)
• Supported Hardware, Software and Mobile Devices (OPS-080-015)
• Limitation of Liability for Non University Owned Data (OPS-080-025)
• Information Technology Initiatives (OPS-080-030)
• Unlicensed Radio Frequency Spectrum (OPS-080-035)
• Website Naming, Hosting, Risks and Security (OPS-080-040)
• Freedom of Information and Protection of Privacy (GOV-060-005)
• Code of Conduct (GOV-022-005)