The Information Security Committee is responsible for the implementation and compliance of the security related to that information as identified in the Information Security Policy.
The Committee is expected to perform the following in order to meet its responsibilities:
- Coordinate the design and implementation of the Information Security Program with the Information Security Officer (GreyCastle).
- Coordinate and sponsor interdepartmental projects related to the implementation of Information Security at the University.
- Document and communicate the status of the Information Security Program to the President and Senior Staff.
- Review existing Information Security Policies, Standards, and Processes & Procedures to ensure that they meet regulatory requirements and current standards.
- Document and provide reporting to various regulatory agencies to identify compliance.
- Sponsor and champion changes or updates to the Information Security Policy through the University's approved processes.
- Approve changes to Information Security Standards and Processes & Procedures in order to comply with the University's Policy.
- Review and approve exceptions to Information Security Policies, Standards, and Processes & Procedures
- Ensure compliance with Information Security Policies, Standards, and Processes & Procedures in their organizational hierarchy.
- Ensure regulatory and university required training is completed for their organizational hierarchy.
Committee Members are assigned by Senior Staff and represent the primary owners and stakeholders of risk‐based Information at the University. Initial members are proposed as the following:
- Director of Financial Aid (Representing: Admissions, Financial Aid)
- Director of Human Resources (Representing: Human Resources, NCPR/WSLU)
- Associate Vice President of Finance (Representing: Finance, Business Office, Purchasing, Bookstore, Contracted Services, Risk, Student Financial Services)
- Director of IT Infrastructure and Applications (Representing: Information Technology, Library)
- Assistant Vice President for Safety & Security and Emergency Management (Representing: Campus Safety and Security, Dining Services, Health, Residence Life)
- Executive Director of Advancement Operations (Representing: Giving, Donor Relations, Gifts)
- Associate Dean for Academic Administration & University Registrar (Representing: Registrar, Faculty/Academic Departments/Academic Support)
- Assistant Director for Athletics (Representing: Athletics)
- Faculty Member (Representing: Faculty, nominated by Faculty Council)
The Associate Vice President of Finance will act as the committee chair. The Director of IT Infrastructure and Applications will serve as the Vice‐Chair.
The committee will meet at least every semester (3 times a year) to review the state of compliance and for high‐level planning purposes.
Ad hoc meetings will need to be scheduled to review risk and decide upon any exceptions to policies or standards.