InfoSec Standards, Procedures and Guidelines

The purpose of information security policies, standards, processes and procedures are to establish and maintain a standard of due care to prevent misuse or loss of GPC information assets. GPC information security policies are compulsory for all faculty members, staff, students, contractors and all other workers, unless explicitly exempted otherwise.

Policy provides management direction for information security based on business requirements, laws, and risks to the business, and administrative policies.

Standards are the specifications that contain measurable, mandatory rules to be applied to a process, technology, and/or action in support of a policy.

Procedures are the specific series of actions that are taken in order to comply with policies and standards.

Guidelines are more general recommendations that are optional and not mandatory like policies and standards.

Current InfoSec Standards GPC currently has no official standards adopted in support of information security policies. The Information Security Department is performing a thorough review and reconciliation of current information security policies, in an effort to identify wholes where security standards could fill the gaps, and developing required standards to support the policies currently approved and in force.