Formation and Overall Objectives:
The CIO has created the Information Security Governance Committee to address IS governance and the successful adoption of best practices in data stewardship. This is a committee composed of senior members of the UBC community, whose leadership is important to bring focus and alignment to the university with respect to changes UBC has to implement in order to improve our information security. The ISGC meets quarterly, or as needed, to set direction for establishing best practices, review progress and articulate needs for common security practices to and for the wider community.
Specific Goals (to include):
- To review the information security strategy with respect to enterprise-wide application and adoption
- To periodically review the information security framework that will represent UBC's needs
- To provide guidance, focus and alignment for the university's information security practices and policies
- To review risks to the community where changes in information security practices and policies can lower the risks to the institution
- To guide the development of mitigations for those risks in the form of practices and policies
- To assess any requests for policy exceptions from individual units or groups of units
- To oversee the development of controls and assessments for validating the university's information security practices
- To represent the UBC community with respect to planning and prioritizing information security practices across the enterprise
- To influence the UBC community in aligning with the articulated information security vision and to advocate the need for common security practices, services and initiatives
- To facilitate a culture of broader information security awareness throughout the community
Deliverables:
- Guidelines and critical review of UBC's core information security foundation, as developed by subject matter experts in IT, Internal Audit, committees, etc., specifically pertaining to:
  - Information security strategy
  - Information security framework
  - Information security best practices
  - Information security policies
  - Information security controls for compliance validation
- Status reports to the IT Executive Steering Committee and the represented units
- Maintaining the evolving and current overall information security vision for UBC
- An annual review of the Terms of Reference for this committee
Communications:
- Communications responsibilities for the ISGC include:
  - Regularly reporting to the IT Executive Steering Committee
  - Regularly disseminating ideas and recommendations of the ISGC to the UBC community
  - Providing input into communication plans for changes to existing services or for the deployment of new services