- University Policies Home Page
This page links to many important Penn policies and compendia of policies in some of the many areas that affect Penn faculty, staff, students and the community overall.
- University Financial Policy Manual
- HR Policies and Procedures
- Computing Policies and Guidelines
- Purchasing Card Audit Guidelines for Schools and Centers
- The Institute of Internal Auditors
- The Association of College and University Auditors
- The Association of Healthcare Internal Auditors
- The Information Systems Audit and Control Association
IT Security Resources
- SANS CIS Controls v8
The CIS Controls (formerly known as Critical Security Controls) are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. SANS supports the CIS Controls with training, research, and certification. Details can be reviewed at: http://www.cisecurity.org/controls/v8.
- OWASP Web Application Security Risks
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Details on the Ten most critical web application security risks can be reviewed at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project