skip to main content

Information Security Program Office

The Information Security Program Office (ISPO), reporting to the Board of Regents (BOR) System Chief Information Officer, has been authorized by the BOR with overall responsibility and authority for the development, implementation and maintenance of a comprehensive Information Security Program for the CSCU, to safeguard personal confidential information that is maintained by the colleges, universities, and board offices by protecting it from unauthorized use, disclosure or compromise.  You can contact us via email at

The CSCU Information Security Program to be provided by the ISPO shall, at a minimum, seek to address the following major components:

  • Development and implementation of security policies, standards and procedures which reflect best practices in information security for higher education;
  • On-going compliance with laws and regulations related to information security;
  • Development and provision of security awareness training for the CSCU community;
  • Identification and provision of enterprise-wide security functions to colleges / universities;
  • Management of incident response, investigative support and chain of evidence;
  • Verification and enforcement of security policies in daily operations; and
  • Guidance and assistance to college / universities technical and other staff regarding security functions to be managed or implemented at the colleges / universities.


Information security policies promote consistency, efficiency and effectiveness in delivering secure IT services in support of the CSCU educational mission.  The policies contained here have been adopted and are to be applied to the system office and the colleges and universities that make up the Connecticut State Colleges and Universities System as governed by the Board of Regents.