Information Security Standard (ISS)
The Information Security Standard (ISS) defines 38 risk areas for the university. Each risk area includes a security objective, as well as a list of security controls to be used to meet the stated objective. These risk areas are used to organize, measure and manage risk levels consistently across the university. The ISS takes its mandate from the ITSP and is tightly aligned with Ohio State’s Institutional Data Policy (IDP).