Information Security Policies

All current information security policies can be found on Google Drive. Please visit the following link to find out more:

• Information Security Policies (Google Drive folder)

These policies are developed, reviewed, and recommended by the Information Security Committee and approved by the Administrative Council. Below is a list of policies, links, and the last revision:

	Policy	Effective	Status		Revised		Reviewed
IS0000 - MLC Information Security Policy	Approved	11/30/2023
IS0000A - Appendix A - Personally Identifying Information That Is Generally Considered Public	Approved	11/30/2023
IS0000C - Appendix C - Table of Information Guardians and Designated Contacts	Approved	11/30/2023
IS0000D - Appendix D - Summary of End User Responsibilities	Approved	11/30/2023
IS0000E - Appendix E - Definitions	Approved	11/30/2023
IS0001 - Encryption Policy	Approved	11/30/2023
IS0002 - Multi-Factor Authentication Policy	Approved	11/30/2023
IS0003 - Account and Access Control Review Policy	Approved	11/30/2023
IS0004 - Information Security Audit Policy	Approved	11/30/2023
IS0005 - Employee Information Security Policy	Approved	11/30/2023
IS0006 - Incident Management Policy	Approved	11/30/2023
IS0007 - Incident Response Plan	Approved	11/30/2023
IS0008 - Information Security Exception Policy	Approved	11/30/2023
IS0009 - Data Classification Policy	Approved	11/30/2023
IS0010 - Vulnerability and Effectiveness Management Policy	Approved	11/30/2023
IS0011 - Asset Management Policy	Approved	11/30/2023
IS0012 - System Development and Procurement Policy	Approved	11/30/2023
IS0013 - Change Management Policy	Approved	11/30/2023
IS0014 - Vendor Management Policy	Approved	11/30/2023
IS0015 - Information Security and Awareness Training Policy	Approved	11/30/2023