Information Security Policies and Standards

CSU Systemwide Information Security Policies are published through the Integrated California State University Administrative Manual (ICSUAM).   

The table below is intended to provide links to campus and system wide policies, standards and other related documentation.


Policy Topic

Supplemental Policies


Procedures & Guidelines

7100.0 Identity Access Management
8000.0 Introduction and Scope               
8005.0 Policy Management      
8010.0 Establishing an Information Security Program      
8015.0 Organizing Information Security  
8020.0 Information Security Risk Management  
8025.0 Privacy of Personal Information
8030.0 Personnel Information Security
8035.0 Information Security Awareness and Training  
8040.0 Managing Third Parties  
8045.0 Information Technology Security
8050.0 Configuration Management  
8055.0 Change Control  
8060.0 Access Control
8065.0 Information Asset Management  
8070.0 Information Systems Acquisition, Development and Maintenance  
8075.0 Information Security Incident Management  
8080.0 Physical Security  
8085.0 Business Continuity and Disaster Recovery
8090.0 Compliance
8095.0 Policy Enforcement
8100.0 Electronic and Digital Signatures


8105.0 Responsible Use Policy

Plans and Reports

Information Security Plan (PDF) - Last updated 4/2018

State & Federal Information Security Laws & Regulations

Applicable CSU and CSU, Chico Policies for Storage of Level 1 Data

Complete CSU Information Security Policy Documents

CSU, Chico Information Technology Policies