Skip Navigation

Security Policy and Compliance

Services relating to institutional policy or compliance

Information Security Program Council

The Information Security Program Council (ISPC) acts to set information security program priorities, responds to input from the working groups, and acts to formally adopt policies and procedures. In addition to working group team leads, it consists of a core group of senior leaders and others who have a vested interest in assuring the success of the information security program.

Learn More

Policies & Standards

Our team works closely with the campus community to develop, review and publish cyber security policies and standards. Be sure to review them on a regular basis and check for updates frequently.

Review Policies & Standards

Vendor & Contract Review

Our team reviews and comments on potential vendors and their proposed contracts. It is best to engage us early so we can fully review the offering and help you pick an appropriate vendor, rather than waiting to start this process during procurement.

Learn More

Data Use Agreement Review & Security Attestations

Are you looking to accept data on behalf of the University? You will no doubt be asked to review and sign a data use agreement, which commonly requires a specified level of security practices and procedures. We can help interpret the requirements and review your planned computing environment to determine if the means to comply to those requirements are available.

Learn More

Data Security Standards

Stony Brook University is committed to the confidentiality, integrity, and availability of information important to the University's mission. Data must be protected using the appropriate security measures consistent with the minimum standards for the classification category, where available.

Review Data Security Standards

Data Classification Policy

Stony Brook classifies physical and electronic data into three risk-based categories for the purpose of determining access, permissions, and security precautions. This facilitates applying the appropriate security controls to university data and assists data caretakers in determining the level of security required to protect data on the systems for which they are responsible.

Review Classification Policy