Faculty Handbook

INFORMATION SECURITY COMMITTEE
Reviewed June 2019

PURPOSE: The Information Security Committee (InfoSec Committee) addresses the evolving information security and privacy needs of the College. The InfoSec Committee advises on issues of security and risk reduction. This committee is responsible for implementing information security and privacy policies, evaluating new threats, and reducing risk of intrusion, loss of data integrity and compliance violations. It suggests and evaluates resources for approaching security concerns and generates initiatives to propose major projects that will improve the College’s security posture. The InfoSec Committee will advise regarding assessment activities and will provide advice regarding education and communication that may be needed to support the policy and compliance measures developed. The InfoSec Committee will also suggest resources needed for the campus to manage IT security. These will be balanced with what are reasonable and acceptable levels of risk to be assumed by the College.

Reporting Link: The Information Security Committee reports to and is appointed by the Vice President for Administration and Finance.

Membership:
• Information Security Officer (serves as Chair)
• Privacy Officer
• Compliance Officer
• Internal Control/Enterprise Risk Management Officer
• University Police representative
• Individual(s) responsible for complying with various information security and privacy standards, including HIPAA, FERPA, GLB and PCI
• Director of Enterprise Systems & Networking
• Additional academic, clinical, and administrative representatives as appropriate

Members of the Committee are appointed annually, but there are no term limits.

Responsibilities:
• Serve as a resource on information security and privacy issues;
• Review and champion existing information security and privacy objectives, strategies, policies, procedures and standards and recommend improvements and revisions, as appropriate, to ensure that they meet regulatory and policy requirements;
• Promote and provide support for information security initiatives throughout the College;
• Provide guidance and support in matters of compliance and enforcement when violations of security policies, procedures, and standards are discovered and investigated;
• Evaluate information security and privacy training needs and update as appropriate to ensure that regulatory and policy requirements are met.

The committee consults informally and meets as needed. Minutes are maintained and routed to the Committee and interested others.

Decision Making: Decisions and/or recommendations are made by majority vote.
