Security & Compliance

Who We Are

OIT Security & Compliance is your partner in protecting the pack from cyber attacks such as phishing and many other devious, malicious tactics aimed at stealing our identities, money, data, and even our reputation.  However, we cannot do it alone.   We need each and every member of the Wolfpack doing everything possible to keep cybercriminals at bay.

Truly, we can protect ourselves only to the extent that each of us is a strong link in the cybersecurity chain.  Please visit our websites regularly and seek out our guidance whenever you think you might need it.  We provide consulting and operational services along with recommendations and assistance regarding strategies for licensing, compliance, and protection of the university’s information technology assets.

Security & Compliance mission:  Monitor, protect, and secure the university’s IT infrastructure, data and operations; safeguard the privacy of the university community; and maintain compliance with applicable laws, licenses, and regulations.

S&C Service and Responsibility

  • Information Security Risk & Assurance

    • Review and evaluate new and changed regulations and contracts for IT security and privacy requirements.
    • Develop plans, projects, analysis and reports to verify the university’s compliance and document any gaps, in accordance with ISO/IEC 27002, the common information security framework recommended at the University of North Carolina system level.
    • Perform assessments of how well the university meets various compliance requirements
    • Create and update university IT Regulations and Standards, including the Computer Use Regulation, the Data Management Procedures regulation and associated Data Classification Statement. Update IT aspects of the university Records Retention Schedule.
    • Work with the Office of General Counsel in planning for e-discovery and developing IT aspects of other university regulations.
    • Improve the stance of the university on computer security and privacy aspects of identity management and data sensitivity projects.
  • Information Security Services
    • Computer security incident handling and mitigation
    • Security log management
    • Enterprise antivirus protection
    • Access controls to SYSNEWS tools, email, shared volumes and archives
    • Special ID authorization
    • Compliance services for PCI-DSS, DMCA, FERPA and HIPAA
    • Security awareness and computer security training
    • Processing of e-discovery and litigation hold requests
    • SSL certificate management
    • Electronic Data Interchange (EDI) standards and X.12 compliance
    • Security standards
  • Portfolio, Project and Process Services
    • Create and maintain standardized project management processes
    • Provide tools to facilitate the detailed planning/tracking of all complex and significant projects
    • Evaluate and develop a comprehensive Organizational Resilience Program
    • Address the needs of the university in terms of people, process, and technology
    • Provides the framework for the IT Business Continuity Plan
  • Software Licensing Management
    • License asset management, compliance and control
    • License negotiation and procurement
    • SAS grant administration
    • Analysis of campus software needs, interests and directions
    • Creating a cooperative and fair software-purchasing partnership with various campus partners
    • Collaboration with the UNC-GA on university system-wide software licenses

Security and Compliance focus areas and accomplishments are enumerated in each annual report.