The approval process for the deans and Vice Presidents to sign off on the annual information security assessments requires coordination between the Division of IT and the Division Risk Assessment Coordinator (D-RAC) from the college or division.

Process:

| Step | Personnel | Action |
|------|-----------|--------|
| 1 | Assessor | Respond to all findings (i.e. corrective action, risk management decision) |
| 2 | Division Risk Assessment Coordinator | Notify the Division of IT that all risk assessments and related findings are complete |
| 3 | Division of IT | Create a college/division executive summary which includes: • Decisions or actions that the CISO thinks may deserve additional consideration • Aggregate data for the college/division • Dean/VP signature page |
| 4 | Division of IT | Prepare college/division information security assessment report (which includes PDFs of all risk assessments in the college/division) |
| 5 | Division of IT | Send documentation (i.e. college/division executive summary, college/division information security assessment report) to the D-RAC |
| 6 | Division Risk Assessment Coordinator | Submit documentation to the dean/VP for signature |
| 7 | Dean or VP | Review and approve college/division executive summary |
| 8 | Division Risk Assessment Coordinator | Submit signed dean/VP signature page to Division of IT |
| 9 | Division of IT | Create university executive summary which includes: • Decisions or actions the CISO thinks may deserve additional consideration • Aggregate data for the university • CISO signature page |
| 10 | Chief Information Security Officer (CISO) | Review and approve university executive summary |
| 11 | CISO | Submit university executive summary to the CIO & President |