- University Policies Home Page
This page links to many important Penn policies and compendia of policies in some of the many areas that affect Penn faculty, staff, students and the community overall.
- University Financial Policy Manual
- University Human Resources Policy Manual
- Computing Policies and Guidelines
- Purchasing Card Audit Guidelines for Schools and Centers
- Attestation Standards
- The Institute of Internal Auditors
- The Association of College and University Auditors
- The Association of Healthcare Internal Auditors
- The Information Systems Audit and Control Association
IT Security Resources
- SANS Top 20
The SANS (SysAdmin, Audit, Network, Security) Institute provides a list of the 20 Critical Security Controls that block known attacks and find the ones that get through. The current top 20 list can be reviewed at http://www.sans.org/critical-security-controls.
- OWASP Web Application Security Risks
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Details on the Ten most critical web application security risks can be reviewed at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project