Determining Risk Levels

These standards are intended to reflect the minimum level of care necessary for the University's sensitive data. They do not relieve the University of Iowa or its employees, partners, consultants, or vendors of further obligations that may be imposed by law, regulation, or contract. You are encouraged to adopt these core security standards, prioritizing your systems by risk level. As cybersecurity is a rapidly-evolving field that continuously presents us with new challenges, these standards will be revised and updated accordingly. Many of these requirements are already codified in UI Policy, but the overall Core Security Standards document will eventually become UI Policy as well.