Policy & Compliance

---

• 2008 Cyber-safety Report Survey Questions (PDF | Word)
  Includes questions for all 16 Cyber-safety standards. No college/school/office will be required to report on all 16 standards. Required sections for 2008 reports will depend upon the level of compliance reported by your college/school/office in 2007. Additional information will be available in June and July.
• Electronic Information Security Program Assessment (PDF | XLS)

---

• UC Davis Cyber-safety Annual Reporting Timeline (PDF)
• Cyber-safety Workgroup Report (PDF)
  Summary of recommendations for clarifying campus security standards, improving the reporting tool and identifying new central security program initiatives to encourage and support campus units in their efforts to comply with the highest priority security standards.
• UC Davis Cyber-safety Program Policy (PPM-310-22)
• Directive from Provost Hinshaw and Interim Vice Provost Yellowlees(PDF)

---

Level 1 Practices (Highest Priority)

• Software patch updates
• Anti-virus software
• Insecure Network Services
• Authentication
• Personal Information
• Firewall Services

Level 2 Practices (Secondary Priority)

• Physical Security
• No Open Email Relays
• Proxy Services
• Audit Logs
• Backup, Recovery, and Disaster Planning
• Training for Users, Administrators, and Managers
• Anti-Spyware Software
• Release of Equipment with Electronic Storage
• Incident Response Plan
• Web Application Security

---

Annual IT Security Reports

Submit reports between July 1 and September 1.

Exceptions

Department Deans, Vice Chancellors or Vice Provosts may grant an exception. If you are a Dean, Vice Chancellor or Vice Provost and wish to discuss the security risks related to a requested exception, please contact Bob Ono, IT Security Coordinator, at raono@ucdavis.edu.