Governance Policy

Purpose

To provide the institution with guidance in identifying and understanding the components that make up its information security system, thereby enabling it to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

The institution develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support the institution's regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.

Summary

  • The institution develops and maintains information security policies that have been approved by senior leadership to provide guidance.
  • These policies address the security controls that protect the information systems, information and assets.
  • The institution will assign security roles, coordinating with internal roles and external partners as necessary.
  • The Security Officer is responsible for bringing risk management recommendations to executive staff.
  • The executive staff approves security policies, risk tolerance, risk mitigation and management.
  • Among the regulations requiring specific cybersecurity are payment card data, FERPA, GLBA, FTC and California security breach notification statutes.

Governance Policy Details [pdf]