The Policy, Compliance, and Assessment Program provides guidance for creating and maintaining Institute-wide information security policies, issue-specific policies, standards, and procedures. These documents are used for IT governance, risk management, and legal and regulatory compliance (e.g., FERPA, GLBA, HIPAA, PCI DSS, NIST 800-171).
Standards and safeguards are used to achieve policy objectives through the definition of mandatory controls and requirements.
Procedures are used to ensure consistent application of security policies and standards.
Data categorization determines the level of protection that each kind of data must receive.