The purpose of this standard is to establish the university’s obligation to ensure compliance with all relevant statutory, regulatory, and contractual requirements in order to avoid breaches related to information security.
It is the responsibility of university executives and department heads to identify all legislation applicable to their organization and to put the appropriate guidelines and procedures in place to meet the compliance requirements.
Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance.
All relevant statutory, regulatory, and contractual requirements and the university’s approach to meet these requirements should be explicitly identified, documented and kept up to date. The specific controls and individual responsibilities to meet these requirements should also be defined and documented.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by Information Assurance Committee 11/06/14