Information Security Roles and Responsibilities (cont.)

Executive Steering Committee on Computing
The Executive Steering Committee on Computing (“ESCC”) is a forum for executive consideration of University-wide computing strategy. In 2008, the President’s Council approved Carnegie Mellon’s Information Security Policy and, by doing so, established the ESCC’s authority to oversee its implementation. Specific oversight responsibilities related to implementation of Carnegie Mellon’s Information Security Policy include the following:
a.	Reviewing and recommending strategies to implement the Information Security Policy.
b.	Analyzing the business impact of proposed strategies on the University.
c.	Approving proposed strategies.
d.	Serving as a champion for accepted strategies within respective business units and/or colleges.
e.	Overseeing the review and approval of Information Security Policy exceptions.

Executive Steering Committee on Computing