|To:||Deans, Directors, and Department Heads|
W. Randolph Woodson, Chancellor
|Subject:||New UNC IT Security Policy (1400.2)|
|Date:||March 5, 2018|
The Board of Governors voted to establish an Information Security policy (1400.2) at the January 2018 meeting, on the recommendation of the Committee on Audit, Risk Management, and Compliance (CARMC). The new policy requires each of the constituent institutions in the UNC System to establish an information security program and designate a senior officer, accountable to the chancellor, who is responsible for information security. The new policy also describes oversight activities that will be undertaken by the Board of Governors and the Boards of Trustees.
The Chancellor has appointed the Vice Chancellor for IT, Dr. Marc Hoit, to be the senior officer who is responsible for IT Security campuswide. According to the policy:
“The identified senior officer shall be responsible for identifying and deploying all reasonable measures to maintain the security, confidentiality, accessibility, and integrity of information resources of UNC General Administration or the constituent institution. The senior officer, as an essential component of the officer’s designation, shall possess all necessary authority to implement and evaluate all aspects of the information security plan.“
Mardecia Bell, Chief Information Security Officer and director of OIT’s Security and Compliance unit will support Dr. Hoit with these duties and be responsible for the management of the university’s information security program.
IT Security was made part of the Board of Trustees Audit, Risk Management and Finance committee’s responsibility in 2017. The Vice Chancellor for IT is required to report to the committee on a regular basis.
Please ensure this is shared with your units and that the responsible employees support the efforts to reduce our risk and improve our privacy and security.