UTPA Information Security Policy and Standards

What are Policy and Standards?

A policy is a response to a specific issue. Information Security policies are created to respond to issues that can affect the confidentiality, integrity or availability of UTPA information.

Standards are created by the Information Security Office to translate Policy into documents that can help with its implementation.


The following are the Information Security policies at UTPA. They apply to students, faculty, staff, vendors, consultants, and volunteers.

Transition from UTPA Security Manual to Information Security Handbook

We are in the process of transitioning from the Information Resources Security Manual to a replacement document that goes by the name of Information Security Handbook. This document will be divided into 18 sub documents, which are enumerated below. When the document gets finalized, it will have precedence over the corresponding sections in the former document.

Family Document Name Replaces Security Manual Sections Status
Management Controls ISH - Security Assessment and Authorization   Pending
  ISH - Planning   Pending
  ISH - Program Management   Pending
  ISH - Risk Assessment   Completed
  ISH - System and Services Acquisition   Pending
Operational Controls ISH - Awareness and Training   Completed
  ISH - Configuration Management   Draft
  ISH - Contingency Planning   Pending
  ISH - Incident Response   Completed
  ISH - Maintenance   Pending
  ISH-Media Protection   Incomplete
  ISH - Physical and Environmental Protection   Pending
  ISH - Personnel Security   Pending
  ISH - System and Information Integrity   Pending
Technical Controls ISH - Access Controls   Pending
  ISH - Audit Control   Pending
  ISH - Identification and Authentication   Incomplete
  ISH - System and Communication Protection   Pending