In attendance:
Terri Shelton, Interim Provost and Vice Chancellor for Research and Engagement
Bob Shea, Vice Chancellor for Finance and Administration and Chief Financial Officer
Tina McEntire, Vice Chancellor for Enrollment Management
Donna Heath, Vice Chancellor for Information Technology Services and Chief Information Officer
Julia Jackson-Newsom, Associate Vice Chancellor for Strategy and Policy
Alan Boyette, Senior Vice Provost
Casey Forrest, Chief Information Security Officer, ITS
Todd Sutton, Associate Vice Chancellor, ITS Chief Customer Success Officer
Jeff Whitworth, Associate Vice Chancellor for Enterprise Technology Infrastructure and Chief Technology Officer
Topic: Upcoming State IT Audit
Context: UNCG received notice from the State Auditor’s Office last week (6/10/21) that our audit is scheduled to begin in August and expected to last through December. Unfortunately, UNCG will be starting over.
There is a new area of focus for OSA on information security gaps created by distributed technology management on their campuses. The UNC System Office created a set of three policies around IT governance and information security in 2018 in response to deep concern across state legislature about the uptick in information security risks and several significant data breaches across the 17 system schools.
For the first time, we have UNC System level policies that explicitly assign responsibility for the security of distributed and central technology to a designated senior officer and the Chancellor. At UNCG, the designated senior officer is Donna Heath.
The UNCCIO Council is in the process of drafting a comprehensive IT Governance Program, which for the first time, includes accountability for the system CIOs for the governance of distributed and central technology resources. As of this writing, the draft document has a motion for approval and is pending ratification.
We know this statewide focus on end-to-end information security risks is going to intensify and we will be required to formalize and enforce our technology support policies, standards and procedures for both ITS and distributed technology across our campus.
Anticipated areas of vulnerability for the upcoming audit were discussed and we began a dialogue about how to best collectively approach development, monitoring and enforcement of university standards for distributed technology functions in alignment with central ITS to ensure UNCG’s compliance with emerging regulatory requirements for management of distributed technology functions.
Discussion will be continued to the next meeting.