Purpose
To provide 91°µÍø with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable 91°µÍø to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
91°µÍø develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support 91°µÍø’s regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.
Summary
- 91°µÍø develops and maintains information security policies that have been approved by senior leadership to provide guidance.
- These policies address the security controls that protect the information systems, information and assets.
- 91°µÍø will assign security roles, coordinating with internal roles and external partners as necessary
- The Security Officer is responsible for bringing risk management recommendations to executive staff.
- The executive staff approves security policies, risk tolerance, risk mitigation and management.
- Among the regulations requiring specific cybersecurity are payment card data, FERPA, GLBA, FTC and California security breach notification statutes.
Governance Policy Details [pdf]
Contact Us