Information Security Policies and Standards

Information Security Standards

Information Services has published information security standards to provide a minimum, mandatory baseline at the University of Regina.  These standarda are based on published, external stadards, such as NIST (National Institute of Standards and Technology) and ISO (The International Organization for Standardization) 27001 & 27002.  

University of Regina Policy OPS-080-005 Use of Computer and Network Systems requires authorized users to take appropriate security precautions to protect and secure data, and requires users to keep security measures current.  The standards, below, serves the goal of the policy by providing a target for maintaining and improving information security of the University.  

Information Security Standard Audience
Password Management Standard passwordstandard All members of the Univesity community with a computer account.  Associated with the Password Management (OPS-050-035) policy.
Authentication Management Standard authenticationstandard Owners or administrators of applications or systems which control access to University information systems or data.  Associated with the Password Management (OPS-050-035) policy.
Network Printer, Scanner, Fax and Multifunction Device (MFD) Security Standard mfdstandard Owners or administrators of network printers, scanners, fax or multifunction devices.
Network Firewall Standard mfdstandard

Owners/administrators of externally exposed network services, and owners/administrators of network firewalls. 

See announcement and FAQs.

To request an open firewall port, please see: (Log in required).

Bring Your Own Device and Personally Managed Device Standard mfdstandard

Users of personally owned or personally managed device such as smartphones, tablet and desktop computers, laptops, and similar equipment is used to process University data.

Information Risk Classification Framework mfdstandard

Provides classificaiton of information by risk (high, medium, and low), and examples of each type of data.

Data Handling Standard mfdstandard

For each risk level found in the information risk classification, essential, required, and recommended controls are provided to inform the commensurate protection and controls.

Information Security Policies

The following University of Regina policies are applicable to information security. These policies have requirements to support the information security obligations of the University. All policies are under the custodianship of the Executive Director (University Governance).