The role of governance in an organization is to set policy, establish authority and responsibility, and implement accountability. IU's Program is governed by the Information Security and Privacy Risk Council. The Council is a standing committee providing broad strategic guidance and oversight to support the university-wide Indiana University Information Security and Privacy Program.
The Information Security and Privacy Risk Council will:
- Develop, seek wide input, and recommend strategic direction to the Chief Security Officer and Chief Privacy Officer on university-wide information security and data privacy.
- Review and coordinate university-wide information security and privacy-related policies, procedures, and initiatives, regardless of the office or sector responsible.
- Review and coordinate university-wide efforts to improve employee awareness of information security and privacy practices, regardless of the office or sector responsible.
- Provide strategic input to key information security and privacy projects undertaken by the University Information Security Office, the University Information Policy Office, and offices having compliance or monitoring responsibilities for the information security and privacy of particular sectors.
- Advise university administration on matters of information security and privacy, and with respect to compliance requirements.
- Stay abreast of emerging information security and privacy issues and adjust strategy as necessary.
View the Information Security and Privacy Risk Council Charter