Policies, Standards, and Guidelines

These information security policies, standards, and guidelines provide the minimum requirements for the Wharton community to:

1. Enable the mission of the school.
2. Increase trust and reduce risk.
3. Address regulatory and legal requirements.

Policies establish clear expectations for Wharton regarding the safeguarding of data and digital assets.

Standards define the minimum process and control requirements for protecting data and digital assets.

Guidelines provide recommended best practices aligned with Wharton’s information security standards.

• Information Security Policy

• Risk Review Standard
• Vulnerability Management Standard
• Exception Standard
• Identity and Access Management Standard

• AI API Key Requirements
• Travel Guidelines
• Generative AI at Wharton
• Slack Guidelines

Penn
Policies

Penn
Standards

Penn
Guidelines

• IT Security Policy
• IT Network Policy
• Acceptable Use Policy
• Privacy Policy
• Penn Privacy in the Electronic Environment
• Digital Accessibility Policy

• Data Classification
• IT Security Standards
• IT Network Standards

• Information Security Best Practices
• Best Practices for Password Handling
• AI Guidance
• Protecting Penn Data
• Guidelines for the Use of Social Media at Penn