The purpose of this standard is to establish the university’s obligation to ensure information security is implemented and operated in accordance with university policies, standards, guidelines and procedures.
It is the responsibility of any college or department owning an information system, to ensure the information security controls for that system are reviewed on a regular basis.
Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliancefirstname.lastname@example.org.
Compliance with security policies and standards
Managers should regularly review the compliance of information processing and procedures within their area of responsibility.
Technical compliance reviews
Information systems should be regularly reviewed for compliance.Technical compliance reviews, whether manual or automated, should be performed and interpreted by a technician specialist. Vulnerability assessments should be planned, documented and implemented in such a way as to ensure they do not lead to compromise of the security of the system.
Independent review of information security
It is the responsibility of ITS Information Security Compliance, working with the Information Assurance Committee to facilitate a review of college and departmental information security objectives, controls, policies, processes and procedures through an annual campus Information Security Risk Assessment. Additional independent reviews of university information security should be conducted regularly or when significant changes occur.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by Information Assurance Committee 5/15/15