Information Security Control Requirements (ISCR)
The Information Security Control Requirements (ISCR) provides detailed implementation guidance for each security control specified in the Information Security Standard (ISS). These control requirements apply to all university information systems and assets under the university’s control and to the people who access these systems. Use of these control requirements enables Ohio State to protect its information assets; satisfy legal, regulatory and contractual requirements; and apply best practices for information security and risk management. To better guide implementation efforts, the detailed control requirements in the ISCR are specified according to the level of institutional data being protected, as defined by Ohio State’s Institutional Data Policy (IDP).