Skip to content


Units are a point of accountability and can include a variety of entities at UC. If you are responsible for any part of a Unit’s compliance with IS-3, you should be familiar with the policy’s requirements and know the following summary of key action items.  

  1. Implement. Units are responsible for implementing and complying with IS-3 requirements. These include actions ranging from encryption to documentation, from reviewing Unit practices to managing Supplier compliance. Familiarize yourself with the requirements for which you are responsible.
  2. Understand responsibilities. Ensuring a Unit's compliance is a team effort. Make sure you know who's doing what. 
  3. Take a risk-based approach. You understand how important managing cyber risk is, which is why you enhance security by considering risk in all decision-making processes. Your CISO is a resource who can help your Unit find solutions.
  4. Keep up with training. Cybersecurity training is essential as the field of cybersecurity changes rapidly. Stay up-to-date by following training requirements.
  5. Communicate. Keep open lines of communication with all those who share responsibility for your Unit's compliance. This includes reviews, assessments, and reporting information. If you aren't sure, ask your Unit Information Security Lead, Unit Head, or CISO.


Copyright © Regents of the University of California | Terms of use