UCLA Extension's information security policy ensures that its critical operations, assets and customers are properly protected. Due to the increasing value of the data we collect, store and process, we are committed to its protection, the enforcement of applicable regulatory guidelines and routine assessment of security risks.

This policy applies to all employees, vendors and business partners with whom data is shared or to whom data is accessible. This policy mandates employment of daily operational security procedures.

This policy ensures compliance with applicable laws and standards, protects the University from liability and protects the confidentiality, integrity and availability of our information systems, data and network resources.

A copy shall be provided to contractors, vendors, service providers and business partners who have access to data. Third party persons (i.e. vendors, service providers) who do not comply with this policy may be subject to appropriate actions as defined in their contractual agreements.

Per Payment Card Industry (PCI) Data Security Standards (DSS) PCI DSS v2.0 requirements 12.1, 12.1.3, this policy must be substantively reviewed annually by the managing cashier in Student Services and the Director of Information Technology Services (ITS). Revisions driven either by security incidents discovered during the year or by revisions and updates to the card industry's data security standards will be proposed to the Dean for incorporation.

This policy meets the requirements for having a policy on Information Security as required by the PCI DSS v. 2.0, requirements 12.2, 12.4. This policy will be construed to be superseded by any provision of UC or UCLA policy or California law regarding information security should any conflict be found.

For full policy text, please click here.