Information Security Policies

All current information security policies can be found on Google Drive. Please visit the following link to find out more:

• Information Security Policies (Google Drive folder)

These policies are developed, reviewed, and recommended by the Information Security Committee and approved by the Administrative Council. Below is a list of policies, links, and the last revision:

Policy	Effective	Revised	Reviewed
IS0000 - MLC Information Security Policy	11/30/2023
IS0000A - Appendix A - Personally Identifying Information That Is Generally Considered Public	11/30/2023
IS0000C - Appendix C - Table of Information Guardians and Designated Contacts	11/30/2023
IS0000D - Appendix D - Summary of End User Responsibilities	11/30/2023
IS0000E - Appendix E - Definitions	11/30/2023
IS0001 - Encryption Policy	11/30/2023
IS0002 - Multi-Factor Authentication Policy	11/30/2023
IS0003 - Account and Access Control Review Policy	11/30/2023
IS0004 - Information Security Audit Policy	11/30/2023
IS0005 - Employee Information Security Policy	11/30/2023
IS0006 - Incident Management Policy	11/30/2023
IS0007 - Incident Response Plan	11/30/2023
IS0008 - Information Security Exception Policy	11/30/2023
IS0009 - Data Classification Policy	11/30/2023
IS0010 - Vulnerability and Effectiveness Management Policy	11/30/2023
IS0011 - Asset Management Policy	11/30/2023
IS0012 - System Development and Procurement Policy	11/30/2023
IS0013 - Change Management Policy	11/30/2023
IS0014 - Vendor Management Policy	11/30/2023
IS0015 - Information Security and Awareness Training Policy	11/30/2023