UTPA Information Security Policy and Standards


What are Policy and Standards?

A policy is a response to a specific issue.  Information Security policies are created to respond to issues that can affect the confidentiality, integrity or availability of UTPA information.

Standards are created by the Information Security Office to translate Policy into documents that can help with its implementation.


The following are the Information Security policies at UTPA.  They apply to students, faculty, staff, vendors, consultants, and volunteers.

Transition from UTPA Security Manual to Information Security Handbook

We are in the process of transitioning from the Information Resources Security Manual to a replacement document that goes by the name of Information Security Handbook.  This document will be divided into 18 subdocuments, which are enumerated below.  When the document gets finalized, it will have precedence over the corresponding sections in the former document.


Family Document Name Replaces Security Manual Sections Status
 Management Controls  ISH - Security Assessment and Authorization   Pending
   ISH - Planning   Pending
   ISH - Program Management   Pending
   ISH - Risk Assessment   Draft
   ISH - System and Services Acquisition   Pending
Operational Controls  ISH - Awareness and Training   Draft
   ISH - Configuration Management   Draft
   ISH - Contingency Planning   Pending
   ISH - Incident Response   Draft
   ISH - Maintenance   Pending
   ISH-Media Protection   Incomplete
   ISH - Physical and Environmental Protection   Pending
   ISH - Personnel Security   Pending
   ISH - System and Information Integrity   Pending
Technical Controls  ISH - Access Controls   Pending
   ISH - Audit Control   Pending
   ISH - Identification and Authentication   Incomplete
   ISH - System and Communication Protection   Pending