Office of Information Security

A rainbow over a city like a shield

Penn's ISC Office of Information Security coordinates security services and projects across campus to help safeguard the University's information assets against unauthorized use, disclosure, modification, damage, or loss. This is accomplished by providing a common framework and vocabulary to help manage information security consistently and comprehensively in collaboration with Penn's Schools and Centers. 

Information Security and Privacy Program Charter

The Office of Information Security (OIS) is part of the Information Security and Privacy Program Charter created to establish principles regarding the responsible use of information by the Penn community. The Charter serves to outline the roles and responsibilities of those University officials tasked with overseeing University programs designed to protect individual privacy as well as the confidentiality, integrity, and availability of Penn’s information resources and data. Learn more ...

Key Responsibilities

The Office of Information Security establishes, implements and maintains security programs to assist management in the protection of computing resources and associated information assets against accidental or unauthorized modification, destruction, or disclosure. Some of our key responsibilities include:

  • Establishing appropriate University-wide policies, standards, and guidelines for data and physical security safeguards pertaining to information systems.
  • Reviewing and Recommending the implementation of data security software that provides controlled access and use of sensitive application systems, database management systems, computer operating systems, communication networks, and computer hardware.
  • Providing consultation into technical and application development efforts involving computer data security and integrity issues.
  • Providing a forum for review, counsel, education and communication of computer security administration procedures.
  • Maintaining awareness of existing and proposed legislation and regulatory laws pertaining to information system security.
  • Participation in investigations of information security violations.
  • Educating the general community about the security risks of electronic information systems and provide targeted information informing them of steps they can take to minimize those risks.
  • Information Security and Network Monitoring

Contact US

OIS guidance on reporting security issues is applicable to phone calls, fax and email. Please read the page on reporting security concerns for more information. 

Mailing Address:

3401 Walnut Street
Suite 230A
Philadelphia, PA 19104-6228, USA 
Telephone:(215) 898-2172 
Fax: (215) 573-2037 (please call or e-mail in advance to alert to incoming fax)
Email: security@isc.upenn.edu

When corresponding with the Office of Information Security and sharing sensitive and/or confidential information, using a secure file exchange, e.g., Secure Share, is recommended.  

To contact the Office of Information Security (OIS) personnel, visit OIS Personnel Contact information posted to Box.