Our Cybersecurity Program

Obviously Trusted CI takes cybersecurity seriously and as such has concern for both its own data and the data of any projects it engages with. To that end, Trusted CI presents our Cybersecurity program based on the Trusted CI Framework. Our Cybersecurity program was revised in 2021 in concert with the release of the Trusted CI Framework, and the Master Information Security Policy & Procedures document defines the foundation of our Framework-aligned cybersecurity program, governing all Trusted CI staff and information resources. 

Additional supporting documents that are referenced from the Master Information Security Policy & Procedures top-level document are provided to show the scope of the Trusted CI Framework — the framework adopted in redesigning Trusted CI's own cybersecurity program — including:

• Collaborator Information Policy

• Document Labeling Policy

• Fellows Participation in Engagements

• Google Drive File Name Tagging

• Incident Response Policy & Procedures

• Information Classification Policy

• Infrastructure Change Policy

• Policy Development Protocol

• Onboarding / Offboarding Policy & Procedures

Along with the above ‘policies and procedures’ documents, we also utilize ‘asset-specific access and privilege specifications’, or ASAPS, for each of our critical assets. This enables us to monitor the roles and access control mechanisms for each of our assets in a tractable way. The assets Trusted CI currently monitors include:

• Apple (Podcasts)

• Badgr

• Backup System (for G-Drive)

• Blogger

• CloudPerm (G-Drive tool)

• DNS Registrar

• GitHub

• Google Admin Account

• Group Service Account

• IDEALS (@Illinois)

• Slack

• SquareSpace (Website)

• Twitter

• YouTube

• Zenodo

• Zoom