The goals of IU's Program are to facilitate information security and privacy approaches in order to:
- Maintain the university's viability, both reputational and operational, as a premier institution of higher education.
- Support the university's mission of education (teaching and learning), research, and engagement (outreach and service).
- Guide the conduct of university business.
These goals cannot be achieved by technology alone, but also with non-technology components. The university must not focus solely on electronic information; much institutional data resides in printed form. It is essential to remember that all members of the university community, regardless of affiliation of campus, school, unit, or area of expertise, use or encounter information.
IU's Program is designed to achieve the following information security and privacy objectives:
- Establish institutional security and privacy principles that guide behavior and decision-making at IU.
- Marshal the existing people, processes, and tools available to assist in achieving these security and privacy objectives, regardless of the unit responsible for providing or using them.
- Determine the security and privacy risks facing IU.
- Provide tools for assessing progress on addressing risks and meeting security and privacy goals.
- Identify the gaps and areas where IU does not adequately address risks or meet security and privacy goals.
- Create plans for addressing the gaps.
- Facilitate collaboration to identify effective and efficient solutions.
- Document the university's compliance with applicable laws, regulations, standards, and contractual requirements.