Skip to main content

Information Security Policies

All current information security policies can be found on Google Drive. Please visit the following link to find out more:

These policies are developed, reviewed, and recommended by the Information Security Committee and approved by the Administrative Council. Below is a list of policies, links, and the last revision:

Policy EffectiveStatus Revised Reviewed

IS0000 - MLC Information Security Policy

Approved11/30/2023

IS0000A - Appendix A - Personally Identifying Information That Is Generally Considered Public

Approved11/30/2023

IS0000C - Appendix C - Table of Information Guardians and Designated Contacts

Approved11/30/2023

IS0000D - Appendix D - Summary of End User Responsibilities

Approved11/30/2023

IS0000E - Appendix E - Definitions

Approved11/30/2023

IS0001 - Encryption Policy

Approved11/30/2023

IS0002 - Multi-Factor Authentication Policy

Approved11/30/2023

IS0003 - Account and Access Control Review Policy

Approved11/30/2023

IS0004 - Information Security Audit Policy

Approved11/30/2023

IS0005 - Employee Information Security Policy

Approved11/30/2023

IS0006 - Incident Management Policy

Approved11/30/2023

IS0007 - Incident Response Plan

Approved11/30/2023

IS0008 - Information Security Exception Policy

Approved11/30/2023

IS0009 - Data Classification Policy

Approved11/30/2023

IS0010 - Vulnerability and Effectiveness Management Policy

Approved11/30/2023

IS0011 - Asset Management Policy

Approved11/30/2023

IS0012 - System Development and Procurement Policy

Approved11/30/2023

IS0013 - Change Management Policy

Approved11/30/2023

IS0014 - Vendor Management Policy

Approved11/30/2023

IS0015 - Information Security and Awareness Training Policy

Approved11/30/2023