Security & Compliance (S&C)

Mardecia Bell, Chief Information Security Officer

Vision

Be the IT organization people seek out as a partner who provides guidance, consulting, operational services and assistance with strategies for licensing, compliance, and protection of the university’s information technology assets.

Security and Compliance mission: Monitor, protect, and secure the university’s IT infrastructure, data, and operations; safeguard the privacy of the university community; and maintain compliance with applicable laws, licenses, and regulations.

To enhance mission performance and achieve our shared goals, we are committed to promoting a culture founded on our core values.

S&C Service and Responsibility

  • Information Security Risk & Assurance
    • Review and evaluate new and changed regulations and contracts for IT security and privacy requirements.
    • Develop plans, projects, analysis and reports to verify the university’s compliance and document any gaps, in accordance with ISO/IEC 27002, the common information security framework recommended at the University of North Carolina system level.
    • Perform assessments of how well the university meets various compliance requirements.
    • Create and update university IT Regulations and Standards, including the Computer Use Regulation, the Data Management Procedures regulation and associated Data Classification Statement. Update IT aspects of the university Records Retention Schedule.
    • Work with the Office of General Counsel in planning for e-discovery and developing IT aspects of other university regulations.
    • Improve the stance of the university on computer security and privacy aspects of identity management and data sensitivity projects.
  • Information Security Services
    • Computer security incident handling and mitigation
    • Security log management
    • Enterprise antivirus protection
    • Access controls to SYSNEWS tools, email, shared volumes and archives
    • Special ID authorization
    • Compliance services for PCI-DSS, DMCA, FERPA and HIPAA
    • Security awareness and computer security training
    • Processing of e-discovery and litigation hold requests
    • SSL certificate management
    • Electronic Data Interchange (EDI) standards and X.12 compliance
    • Security standards
  • Project Portfolio Services
    • Create and maintain standardized project management processes
    • Provide tools to facilitate the detailed planning/tracking of all complex and significant projects
    • Evaluate and develop a comprehensive Organizational Resilience Program
    • Address the needs of the university in terms of people, process, and technology
    • Provide the framework for the IT Business Continuity Plan
  • Software Licensing Management
    • License asset management, compliance and control
    • License negotiation and procurement
    • SAS grant administration
    • Analysis of campus software needs, interests and directions
    • Creating a cooperative and fair software-purchasing partnership with various campus partners
    • Collaboration with the UNC-GA on university system-wide software licenses

Security and Compliance focus areas and accomplishments are enumerated in each annual report.