IT Policy

Lifecycle Management for Information, Hardware, Software, and Services. This policy establishes line management and individual responsibility for lifecycle management of Laboratory Information and Laboratory Information Technology (IT) assets at Berkeley Lab.

• Institutional Services. This documents lists services that only the responsible office or its designee may provide given both security and efficiency reasons.
• Safety Software Quality Assurance Requirements. Software that can have a direct effect on human safety must implement these requirements.
• Specific Procedures for the Reimbursement of HIgh Speed Internet Access

Security for Information Technology. This policy establishes the line management approach to secure computing and requires that employees and affiliates to meet a set of security requirements.

• Minimum Security Requirements. Computers connected to the LBNL network must meet these requirements, which may change based on current risks. They establish a baseline of security for all systems on the LBNL network.

• Open Web Server Requirements. These establish additional requirements for web server owners and system administrators.

• Cyber Security Requirements. In addition to minimum and role-based requirements, the Computer Protection Program uses a variety of procedures to help protect Berkeley Lab. Use of Laboratory IT may not conflict with or interrupt these procedures.

Controlled and Prohibited Information Categories. Some information at LBNL requires additional protection, including Protected Information (e.g. personally identifiable and protected health information), Official Use Only, proprietary, export-controlled, and information with foreign national restrictions. This policy prohibits classified information.

• Protected Information Requirements. Describes end-user requirements, including how to send/receive, store, remove, and share Protected Information. Describes functional (business) owner requirements, including business case approval and security planning, storage, user access review, sharing and disclosing Protected Information, and use of third party providers.
• OUO Management and Storage Requirements. If you've received OUO materials, follow these requirements on managing OUO

Acceptable Use of Information Technology. Includes both business use and incidental personal use, subject to restrictions. The policy also defines and prohibits unacceptable use, e.g. violation of law, policy, use for personal gain, etc.

• Responding to Allegations of Copyright Infringement. Describes how we handle requests from copyright holders to remove content.
• Responding to Inappropriate Use. Describes how we handle misuse of copyrighted and sexually explicit material.

Privacy Policy. Defines no expectation of privacy in use of Laboratory IT, establishes authority to monitor and consent to monitoring, and defines policies for access without consent (i.e. access to an employees information or IT without their permission).

• Berkeley Lab Privacy and Security Notice. Describes how to install our notice of monitoring on systems with multiple users.
• Berkeley Lab Notice to Users. Webpage that notifies external users of monitoring program.
• Request Access Without Consent. Procedure for requesting access to a users information or account without their permission.
• Use of Cameras Provides general guidance on the use of cameras and video recording. (Not an official implementing document).

Records Management. This establishes line-management responsibility for managing scientific and operational records at Berkeley Lab. It also establishes and specifies responsibilities for Divisions and departments, Division records liaison officers, and the Laboratory-wide Archives and Records Office.

• Records Transfer Procedure. Describes how to transfer records from your office area to the Archives and Records office.
• Records Request Form. Use this form when you need to request records that are in storage.
• Records Liaison Officers. Describes liaison responsibilities and lists contacts by division.