The Information Security Office (ISO) is responsible for the development and maintenance of policies, procedures, guidelines, and guidance that focus on the protection of information and information systems across the University.
Policies
University level policies that apply to all Carnegie Mellon affiliates, and failure to comply with policies may result in sanctions.
Guidelines
Guidelines give specific requirements on various topics that allow the University to meet it's policy and compliance obligations.
Procedures
Procedures are specific steps to follow to obtain a result that meets guidelines.
Guidance
Guidance is information that the Information Security Office has been asked to give an opinion on that may be useful to the larger University community.