Santa Clara University

The Information Security Office will be reaching out to University student leadership, academic departments, and administrative offices over the next several months to develop information security governance and policy structures.  Initiatives and documents will be posted on this site for review and comment.

Guiding Principles

Policies are high level statements that define the University's philosophy on a specific issue.  They can be thought of as organizational "law."  Policies must go through a thorough review before being implemented and must be accessible, comprehensive, and concise.

Standards define minimum requirements for addressing specific issues or risks in order to comply with policy.

Procedures are instructions for how to comply with a standard, often designed for specific audience.  For example, an Anti-Virus procedure could define how end-points on the network will keep their anti-virus software up-to-date.