Information Technology & Institutional Planning

Information Security & Compliance

The Department of Information Security & Compliance (ISC) continually assesses IT security risks and controls to ensure compliance and identify opportunities for improvement. The Division of Information Technology & Institutional Planning develops and promotes resources for safe computing practices, including:

  • Information Security – Works in collaboration with the campus community to protect the integrity of campus information technology infrastructure and to mitigate risks and losses associated with security threats while supporting access to technology. Provides risk, threat, vulnerability, and alert monitoring, investigation, and advisory services for the University’s computing and information assets, allowing for improvement to preventative, detective, and corrective controls. Collaborates with faculty and students to support teaching, learning, and research related to IT cybersecurity.
  • Information Compliance – An information technology compliance program to improve the efficiency and effectiveness of the internal controls and assessment processes, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. Assists senior management in identifying IT-related control gaps and associated remediation plans and ensures that policies and procedures are updated in a timely manner. Maintains core IT risk processes according to industry standards/frameworks (e.g., ISO27001-2, COBIT, ITIL, NIST). Compliance requirements include but are not limited to FERPA, HIPAA, PCI DSS, Section 508, GLBA, Red Flag Rule, and GDPR.
  • Business Continuity (BC) and Disaster Recovery (DR) – Works with the University community to establish IT Disaster Recovery and Business Continuity criteria and plans.
  • Accessible Technology – Provides leadership, oversight, and coordination for the campus implementation of the CSU's Accessible Technology Initiative (ATI) to comply with Section 508, WCAG 2.0 AA, and WAI-ARIA. It includes each of the three priority areas of ATI: web accessibility, instructional materials accessibility, and procurement.