BSD Information Security Policies

The BSD Information Security Office (ISO), UCM and University Information Security Offices have collaboratively developed a set of cyber security policy documents that will direct and guide our Organizations through the new landscape of cyber security threats and regulations. These Policies apply to employees and students of the Organizations, individuals who fall within the definition of “Workforce” of an Organization, and third parties with access to the Organizations’ Information Systems and/or the Organization’s Information Assets (“Covered Individuals”).

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

BSD Information Security Standards

The BSD Information Security Office (ISO) has developed standards to guide a system owner or administrator in reviewing a system configuration and ensuring the system is properly protected. These Standards apply to Systems in the BSD research and academic enterprise, which includes BSD basic sciences, the Pritzker School of Medicine, and various other BSD units engaged in research. System Administrators, researchers and staff with system administration responsibilities are expected to safeguard information and systems they use and/or support. Non-compliance with these standards will result in revocation of access to the data, system, and/or network.

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

Standard Name Standard Description
STA-01 BSD Minimum Security Standards for Servers
This document defines the BSD minimum security standards required for systems that may be used to access, store or process (input, output, transmit, receive, display, calculate, etc.) information owned and used by the University of Chicago Biological Sciences Division (BSD).
STA-02 BSD Security Standards for Databases
This document defines the BSD Security Standards for Databases including Access, Data, Database Applications, and Build and Configuration controls that a database owner or administrator must take to review and ensure that the database is properly protected.
STA-03 BSD Security Standards for Networked Printers
This document defines the BSD Security Standards for Networked Printers including Access, Logging and Configuration controls that a printer owner or administrator must take to review and ensure that the network printer is properly protected.
STA-04 BSD Password Management Standards
This document defines the BSD Password Management Standards required for configuring and protecting passwords to reduce the risk of account compromise in the Biological Sciences Division.
STA-05 BSD IT Asset Inventory and Categorization Standards
This document defines the BSD IT Asset Inventory and Categorization Standards required for identifying and prioritizing BSD information technology assets that contain University information.
STA-06 BSD Media Sanitization Standards
This document defines the BSD Media Sanitization Standards required for the secure removal of restricted information from media used to store information owned and used by the Biological Sciences Division.
STA-07 BSD Security Standards for Web Applications
This document defines the BSD Security Standards for Web Applications. This standard ensures that web applications used by the Biological Sciences Division are properly and safely developed.
STA-08 BSD Vulnerability Management Standards
This document defines the standards required for reducing the risks posed by breaches in security caused by the exploitation of vulnerabilities in the Biological Sciences Division.
STA-09 BSD IT Security Exception Standard
This document defines the standards for requesting an IT Security exception to compliance with established Biological Sciences Division information security policies, standards, and procedures.
STA-10 BSD Minimum Security Standard for Endpoints
This document defines the BSD Security Standards for Endpoints (Windows and Mac). This standard ensures that endpoints used by the Biological Sciences Division are properly and safely secured.

BSD Information Security Guidelines and Procedures

BSD Data Research Guidelines for Research Health Information (RHI) 
The purpose of this guideline is to ensure information security and data privacy for Research Health Information (RHI).
    1. BSD Guideline for the Use of Software with Research Health Information
    2. Office of Clinical Research – HIPAA Privacy and Research
Securing Devices Guidelines 
The purpose of these guidelines is to ensure greater security on individual assets.
    1. GDE-01 Securing a Macintosh Device
    2. GDE-02 Securing a Windows Device
    3. GDE-03 Securing an Android Device
    4. GDE-04 Securing an iOS Device