About Security & Compliance
Security & Compliance, Mardecia Bell, Director
Be the IT organization people seek out as a partner who provides guidance, consulting, operational services and assistance with strategies for licensing, compliance and protection of the university’s information technology assets.
The Security and Compliance Unit's mission is: to monitor, protect and secure the university’s IT infrastructure, data and operations; to safeguard the privacy of the university community; and to maintain compliance with applicable laws, licenses and regulations.
Areas of service and responsibility include:
- IT Policy & Compliance
- Review and evaluate new and changed regulations and contracts for IT security and privacy requirements.
- Develop plans, projects, analysis and reports to verify the university's compliance and document any gaps, in accordance with ISO/IEC 27002, the common information security framework recommended at the University of North Carolina system level.
- Perform assessments of how well the university meets various compliance requirements.
- Create new and update existing university IT Regulations and Standards, including the Computer Use Regulation, the Data Management Procedures regulation and associated Data Classification Statement, and also IT aspects of the university Records Retention Schedule.
- Work with the Office of General Counsel in planning for eDiscovery and developing IT aspects of other university regulations.
- Improve the stance of the university on computer security and privacy aspects of identity management and data sensitivity projects.
- Information Security Services
- Computer Security Incident Handling and Mitigation
- Security Log Management
- Enterprise Antivirus protection
- Access Controls to SYSNEWS tools, Email, Shared Volumes and Archives
- Special ID authorization
- Compliance services for PCI-DSS, DMCA, FERPA and HIPAA
- Security Awareness and Computer Security training
- Processing of E-discovery and Litigation Hold requests
- SSL Certificate Management
- Electronic Data Interchange (EDI) standards and X.12 compliance
- Security Standards
- Organizational Resilience
- Evaluates and develops a comprehensive Organizational Resilience Program
- Addresses the needs of the University in terms of people, process, and technology
- Provides the framework for the Business Continuity Plan
- Creates and maintains standardized project management processes
- Provides tools to facilitate the detailed planning/tracking of all complex and significant projects
- Portfolio/Project Management
- Software License Management
- License asset management, compliance and control
- License negotiation and procurement
- SAS Grant administration
- Analyzes campus software needs, interests and directions
- Creates a cooperative and fair software purchasing partnership with various campus partners
- Collaborates with the UNC-GA on university system-wide software licenses
Security and Compliance focus areas and accomplishments are enumerated in this annual report: