IT Security Advisory Committee (ITSAC)

Reports to: Provost, Executive Vice President, and CIO


Charter

Wake Forest University acknowledges the critical, ongoing need to provide a comprehensive oversight process designed to protect its information assets and electronic systems. Further, the University acknowledges that an effective information security strategy requires a strong and collaborative partnership across the IT organization and with the University user community. As such, the Information Technology Security Advisory Committee (ITSAC) advises the Executive Vice President, Provost and CIO on issues of security, privacy, and risk reduction. This committee may recommend information security strategies that are integrated with the University’s overall enterprise risk management programs. The committee is also the principal advisory body to the Executive Vice President, Provost, and CIO regarding security policies, and is responsible for recommending measures to protect the confidentiality, integrity and availability of the University’s information technology resources and data. The committee may evaluate and recommend resources that will improve the University’s IT security and safeguard the University’s information technology resources and data from compromise, misuse, loss or damage caused intentionally or unintentionally.

The members of ITSAC include the Executive Vice President, Provost, Senior Vice President and General Counsel, Counsel (Chair), Associate Vice President for Information Technology & CIO, Chief Audit and Compliance Officer, Vice President for Finance, Chief Human Resources Officer, Director of Information Security, Director of IT Infrastructure and the Director of Client Services.

The specific charge of the ITSAC is to:

  • Make recommendations regarding a comprehensive information security program that is designed to coordinate and facilitate the delivery of information security best practices and services distributed throughout the University.
  • Review and recommend policies and standards designed to protect the University’s information assets and electronic systems while also maintaining compliance with security requirements of applicable federal and state laws and regulations, such as the Family Educational Rights and Privacy Act, the Health Insurance Portability and Accountability Act, and the North Carolina Identity Theft Protection Act.
  • Collaborate with campus constituents and information technology resource owners who are responsible for the development and oversight of a secure IT environment that accommodates emerging technologies, maintains regulatory compliance and minimizes the University’s information security risk exposure.
  • Receive and evaluate risk assessments regarding current or emerging security threats, and review and recommend mitigation strategies to address such risks.
  • Evaluate proposed technology solutions needed or intended to manage campus information security risks.
  • Sponsor information security awareness programs and provide advice to the Executive Vice President, the Provost, and the Information Systems leadership team regarding education and communication about policy and compliance measures and initiatives.
  • Provide updates to the University’s Information Technology Executive Committee (ITEC) (and other relevant committees as deemed advisable by ITSAC) and obtain ITEC input (and the input of other relevant committees) prior to recommending final approval of new or revised security policies or the adoption of new technologies.

ITSAC will meet quarterly with the option to call special meetings on an as-needed basis. Minutes will be recorded to reflect discussion, decisions and action items.