An ongoing challenge to managing information security at Ohio State is making sure university organizations comply with federal and state regulations regarding privacy and security. That’s why Enterprise Security has released updated versions of Ohio State’s Information Security Standard (ISS) and Information Security Control Requirements (ISCR):
- The Information Security Standard (ISS version 1.3) provides risk management objectives and security controls for all university information systems.
- The Information Security Control Requirements (ISCR version 1.3.1) provide detailed implementation guidance for the security controls outlined in the Information Security Standard.
The updated documents now fully align with the HIPAA Security Rule. The documents were reviewed by subject matter experts from 18 departments on campus. We greatly appreciate the efforts that campus organizations are making to improve information security, whether it’s implementing new security technology in their departments or helping us improve Ohio State’s information risk management program and security standard.
The new documents can be found on the Information Security website in the right-hand sidebar.
Faculty and staff can also access the Information Risk Management BuckeyeBox folder, which includes a detailed list of the changes made in ISS version 1.3 and ISCR version 1.3.1. Any university faculty or staff may request access to the Information Risk Management BuckeyeBox folder by emailing firstname.lastname@example.org.