IT Policy

The Lawrence Berkeley National Laboratory (LBNL) Requirements and Policies Manual (RPM) sets forth the University of California and Lawrence Berkeley National Laboratory policies that help define a framework for Laboratory operations. LBNL expects employees and affiliates to apply professional best practices and ethics in interpreting and exercising these policies since the RPM cannot address all possible circumstances (see UC Standards of Ethical Conduct, Section 5). When a policy, procedure, or other form of guidance is unclear or silent, contact the appropriate Group for clarification. View Human Resources Policy and Assurance.

1. Acceptable Use of Information Technology
   This policy defines acceptable use of Laboratory Information Technology (IT) at Berkeley Lab. Acceptable use includes both business (official) use and incidental personal use, subject to restrictions. This policy also describes unacceptable use and sanctions.
2. Security for Information Technology
   This policy describes cyber security responsibilities and requirements for Berkeley Lab Information Technology (IT). This includes responsibilities and requirements for:
   • Individuals and supervisors
   • Certain roles such as system administrator, web server owner, and application developer
   • Divisions, including division security liaisons and
   • The Cyber Security Program (Cyber Security)
3. Lifecycle Management for Information, Hardware, Software, and Services
   This policy establishes line management and individual responsibility for lifecycle management of Laboratory Information and Laboratory Information Technology (IT) assets at Berkeley Lab. This policy complements other policies on aspects of lifecycle management, including security and information controls. This policy describes responsibilities and requirements for lifecycle management of Berkeley Lab’s:
   • Information
   • Institutional (centrally provided) services
   • Hardware, software, and services, including acquisition restrictions
   • Software with special considerations, including:
     • Safety Software
     • Software with physical interfaces
     • Hardware and software assets, and services, including acquisition restrictions
4. Controlled and Prohibited Information Categories
   The general expectation is that Berkeley Lab information can be shared without restriction. However, some categories of information may affect the legal or security status of the Laboratory and require additional controls. These categories include:
   • Protected Information, including Personally Identifiable Information (PII) and Personal Health Information (PHI)
   • Official Use Only (OUO), Controlled Unclassified Information (CUI), and Sensitive but Unclassified (SBU) Information
   • Proprietary Information (e.g., information under a Cooperative Research and Development Agreement [CRADA] or a Nondisclosure Agreement [NDA])
   • Export-controlled information
   • Information with foreign national restrictions (e.g., No Foreign National Access [NOFORN])
   • Prudent to Protect information
     
     This policy prohibits the following information:
   • Classified information
   • Unclassified Controlled Nuclear Information (UCNI)
   • Naval Nuclear Propulsion Information (NNPI)
5. Privacy, Monitoring, and Access without Consent
   To further the secure and acceptable use of Berkeley Lab Information Technology (IT) and information at Lawrence Berkeley National Laboratory (Berkeley Lab), this policy:
   • Defines no expectation of privacy in use
   • Establishes authority to monitor and consent to monitoring
   • Establishes policies and procedures for Access without Consent
6. Cyber Security Risk Management Approach
   This policy describes roles and responsibilities for Berkeley Lab’s cyber security risk management approach.
7. Scientific and Technical Publications Requirements
   This policy describes Berkeley Lab requirements for the publication of scientific and technical information (STI).
8. Archives and Records Management Policy
   This policy establishes line-management responsibility for managing scientific and operational records at Berkeley Lab. It also establishes and specifies responsibilities for:
   • Employees and affiliates
   • Divisions and departments
   • Division Records Liaison Officers
   • The Laboratory-wide Archives and Records Office
9. Printing and Duplicating Policy
   This policy describes the process of procuring printed or duplicated materials at Berkeley Lab, including digital and offset printing or duplicating of scientific and technical information (STI) and non-STI publications, such as public-information documents.
10. Flexible Work Options Policy
    Flexible work options are tools that Berkeley Lab managers and supervisors can use to help meet the work-life balance needs of their employees while simultaneously ensuring that the work unit’s operational needs are met. While the Laboratory supports the use of flexible work options whenever possible, the use of these options does not change the basic terms and conditions of Laboratory employment.