Oregon State University

803: Reference Material

Information Security Policies & Procedures Manual
Section 800: Awareness and Training
Effective: 01/11/2010

803-01 ISO 27000 Series

From www.27000.org:

The ISO 27000 series of standards have been specifically reserved by ISO for information security matters and will be populated with a range of individual standards and documents. The following series is currently planned or already published:

ISO 27001 – Specification for an information security management system (ISMS).

ISO 27002 – Potential new standard for existing ISO 17799, which is a code of practice for Information Security.

ISO 27003 – New standard for guidance on the implementation of an ISMS.

ISO 27004 – New standard for information management measurement and metrics.

ISO 27005 – New standard for information risk management.

ISO 27006 – New standard to provide guidelines for the accreditation of organizations offering ISMS certification.


803-02 Control Objectives for Information and related Technology (COBIT)

From www.isaca.org/cobit:  COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.

OUS Internal Audit will be using COBIT as their auditing standard for Information Security.


803-03 OUS Information Security Policy

Formally adopted by the Board of Higher Education in June 2007, the Oregon University System Information Security Policy has been incorporated as OAR 580-055-0000 and is available at:


This policy identifies eight areas where policies and procedures are required to be adopted by each institution in the system and contains some minimum requirements for each area.  This manual is organized to address all eight areas.


803-04 Oregon’s 2007 Consumer Identity Theft Protection Act

Passed by the 2007 Oregon Legislature as Senate Bill 583 and signed into law by the Governor, this law requires entities who collect “personal information” on Oregon residents to adopt administrative and technical safeguards to protect it.  It also requires notification in the event of a security breach involving this information.  More information can be found at:


Contact Info

Site Maintained by: Office of Human Resources
Oregon State University, Corvallis, OR 97331
Contact us with your comments, questions and feedback
Copyright © 2009 Oregon State University | Disclaimer
Copyright ©  2014 Oregon State University