Faculty Handbook 2020-2021

SUNY College of Optometry

INFORMATION SECURITY COMMITTEE

Reviewed June, 2019

Purpose:

The Information Security Committee (InfoSec Committee) addresses the evolving information security and privacy needs of the College. The InfoSec Committee advises on issues of security and risk reduction. This committee is responsible for implementing information security and privacy policies, evaluating new threats and reducing risk of intrusion, loss of data integrity and compliance violations. It suggests and evaluates resources for approaching security concerns, and generates initiatives to propose major projects that will improve the College’s security posture. The InfoSec Committee will advise regarding assessment activities and will provide advice regarding education and communication that may be needed to support the policy and compliance measures developed. The InfoSec Committee will also suggest resources needed for the campus to manage IT security. These will be balanced with what are considered to be reasonable and acceptable levels of risk to be assumed by the College.

Reporting Link:

The Information Security Committee reports to and is appointed by the Vice President for Administration and Finance.

Membership:

• Information Security Officer (serves as Chair)
• Privacy Officer
• Compliance Officer
• Internal Control/Enterprise Risk Management Officer
• University Police representative
• Individual(s) responsible for complying with various information security and privacy standards, including HIPAA, FERPA, GLB and PCI
• Director of Enterprise Systems & Networking
• Additional academic, clinical and administrative representatives as appropriate

Members of the Committee are appointed annually, but there are no term limits.

Responsibilities:

• Serve as a resource on information security and privacy issues;
• Review and champion existing information security and privacy objectives, strategies, policies, procedures and standards and recommend improvements and revisions, as appropriate, to ensure that they meet regulatory and policy requirements;
• Promote and provide support for information security initiatives throughout the College;
• Provide guidance and support in matters of compliance and enforcement when violations of security policies, procedures, and standards are discovered and investigated;
