Policies, Standards, and Guidelines

A small group of people sitting in a lounge area using laptops, viewed from above. There are armchairs, a sofa, and small round tables.

These information security policies, standards, and guidelines provide the minimum requirements for the Wharton community to:

Enable the mission of the school.
Increase trust and reduce risk.
Address regulatory and legal requirements.

An illustration of five people in colorful shirts forming a circle and placing their hands together, representing teamwork and collaboration.

Report a Security Incident

If you suspect a security incident such as a phishing attempt, data breach, or compromised account, contact us immediately.

Report an Incident

Policies

Information Security Policies

Policies form the cornerstone of Wharton’s information security governance, outlining our approach to managing security and risk. They establish clear expectations for all members of the Wharton community regarding the safeguarding of sensitive information and digital assets.

Acceptable Use Policy

Penn policy

Report a Security Incident

Policies

Information Security Policies

Acceptable Use Policy

IT Security Policy

Information Security Policy

Privacy Policy

Data Protection and Privacy

Penn Data Risk Classification

IT Network Policy

Privacy in the Electronic Environment

Standards

Information Security Standards

IT Security Standards

Risk Review Standard

Vulnerability Standard

Security Impact Analysis

Travel Standard

Change Enablement Standard

IAM Standard

IT Network Standards

Guidelines

Information Security Guidelines

Information Security Best Practices

Password Handling

AI Guidance

Guidelines for the Use of Social Media at Penn

Protecting Penn Data

Guidelines for the Use of Social Media at Penn

Generative AI Best Practices