Roles & Responsibilities-Computing Services ISO - Carnegie Mellon University

Information Security Roles and Responsibilities

lvl_2colHorizontalRule

Purpose

The purpose of this document is to clearly define roles and responsibilities that are essential to the implementation of the University’s Information Security Policy.  

Scope

These Roles and Responsibilities apply to all faculty, staff and third-party Agents of the University as well as any other University affiliate who is authorized to access Institutional Data.

Maintenance

These Roles and Responsibilities will be reviewed by the University’s Information Security Office every 5 years or as deemed appropriate based on changes in technology or regulatory requirements.

Definitions

Agent, for the purpose of these Roles and Responsibilities, is defined as any third-party that has been contracted by the University to provide a set of services and who stores, processes or transmits Institutional Data as part of those services.

Executive Steering Committee on Computing (“ESCC”) is a committee appointed by the Provost.  Members include the Provost, Vice Provost for Computing and Chief Information Officer, Vice President and General Counsel, Vice President and Chief Financial Officer, Vice President for Campus Affairs, Vice President for University Advancement, Vice President for Research, two academic deans appointed by the Provost, a member appointed by the Administrative Leadership Group and the Executive Director of Computing Services.

Information System is defined as any electronic system that stores, processes, or transmits information.

Institutional Data is defined as any data that is owned or licensed by the University. See the Guidelines for Data Classification for more information.

Roles and Responsibilities

The University's Information Security Policy states that, “Individuals who are authorized to access Institutional Data shall adhere to the appropriate Roles and Responsibilities, as defined in documentation approved by the ESCC and maintained by the Information Security Office.”  These roles and responsibilities are defined as follows.

lvl_2colHorizontalRule

Revision History

Status:  Published 
Published:  02/19/2009 
Last Reviewed:  03/13/2014
Last Updated:  02/19/2009