Responsibilities for Information Security

The Associate Vice PresidentInformation Technology Services coordinates IT security issues at the University of California.

UC Leadership

University leadership plays a critical role by making direct statements to the campuses, medical centers and national laboratories regarding the importance of implementing appropriate measures to protect the University's electronic information assets.

Campuses, Medical Centers, and National Laboratories

Each location is responsible for designating an Information Resource Security Officer who collaborates with campus functional units to create the campus security program.  Campuses are responsible for articulating guidelines for information management and use consistent with University-wide policies.

Organizational Units

Units are the highest levels of organizational entity defined within the governance, organization and culture of each location where actionable responsibility can be assigned. Unit responsibilities include: administering data access policies and permissions, administering and enforcing connectivity standards, assigning responsibility for security programs, maintaining required inventories of protected data, articulating guidelines and practices for protection of information assets, conducting and funding security audits, handling information security incidents and implementing remediation strategies.

Individuals

All members of the University community are expected to comply with campus implementation plans and to exercise responsibility appropriate to their position and delegated authorities.  Each individual is expected to conduct the business of the University in accordance with the Statement of Ethical Values and the Standards of Ethical Conduct, exercising sound judgment and serving the best interests of the University.