Information Security Policies All current information security policies can be found on Google Drive. Please visit the following link to find out more: Information Security Policies (Google Drive folder) These policies are developed, reviewed, and recommended by the Information Security Committee and approved by the Administrative Council. Below is a list of policies, links, and the last revision: Policy Status Revised Reviewed IS0000 - MLC Information Security Policy Approved 11/30/2023 IS0000A - Appendix A - Personally Identifying Information That Is Generally Considered Public Approved 11/30/2023 IS0000C - Appendix C - Table of Information Guardians and Designated Contacts Approved 11/30/2023 IS0000D - Appendix D - Summary of End User Responsibilities Approved 11/30/2023 IS0000E - Appendix E - Definitions Approved 11/30/2023 IS0001 - Encryption Policy Approved 11/30/2023 IS0002 - Multi-Factor Authentication Policy Approved 11/30/2023 IS0003 - Account and Access Control Review Policy Approved 11/30/2023 IS0004 - Information Security Audit Policy Approved 11/30/2023 IS0005 - Employee Information Security Policy Approved 11/30/2023 IS0006 - Incident Management Policy Approved 11/30/2023 IS0007 - Incident Response Plan Approved 11/30/2023 IS0008 - Information Security Exception Policy Approved 11/30/2023 IS0009 - Data Classification Policy Approved 11/30/2023 IS0010 - Vulnerability and Effectiveness Management Policy Approved 11/30/2023 IS0011 - Asset Management Policy Approved 11/30/2023 IS0012 - System Development and Procurement Policy Approved 11/30/2023 IS0013 - Change Management Policy Approved 11/30/2023 IS0014 - Vendor Management Policy Approved 11/30/2023 IS0015 - Information Security and Awareness Training Policy Approved 11/30/2023