Information Technology & Institutional Planning

Information Security & Compliance

The Department of Information Security & Compliance (ISC) continually assesses IT security risks and controls to ensure compliance and identify opportunities for improvement. The Division of Information Technology & Institutional Planning develops and promotes resources for safe computing practices, including:

  • Information Security –  Works in collaboration with the campus community to protect the integrity of campus information technology infrastructure to mitigate risks and losses associated with security threats, while supporting access to technology.  Provides risk, threat, alert, vulnerability and alert monitoring, investigation, and advisory services for the University’s computing and information assets allowing for improvement to preventative, detective and corrective controls.  Collaborates with faculty and students to support teaching, learning and research related to IT cybersecurity. 
  • Information Compliance – An information technology compliance program to improve efficiency and effectiveness of the internal controls and assessment processes, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. Assists senior management in identifying IT related control gaps and associated remediation plans, and that policies and procedures are updated in a timely manner. Maintains core IT risk processes according to industry standards/frameworks (e.g. ISO27001-2, COBIT, ITIL, NIST, etc.).  Compliance requirements include, but not limited to:  FERPA, HIPAA, PCI DSS, Section 508, GLBA, Red Flag Rule, GDPR. 
  • Business continuity (BC) and disaster recovery (DR)  - Work with the University community to establish IT Disaster Recovery and Business Continuity criteria and plans;
  • Accessible Technology - Leadership, oversight and coordination for the campus implementation of the CSU's Accessible Technology Initiative (ATI) to comply with Section 508, WCAG 2.0AA, and WAI-ARIA.  It includes each of the three priority areas of ATI: web accessibility, instructional materials accessibility, and procurement.

To report an IT security concern, go to: www.cpp.edu/itsecurity/security-concern.shtml.  For more information, including tips and resources, see eHelp's Information Security page.

To access a list of CPP IT Policies, Procedures, and Guidelines, go to: https://www.cpp.edu/~it/policies-procedures-guidelines/index.shtml.