The Information Security Risk and Assurance (ISRA) team at OIT Security & Compliance provides various forms of support for assessments:
- Complete the UNC System Security Framework (baseline — based on ISO 27002) and use the resulting gap analysis to develop plans to improve NC State regulations, standards, processes and technical implementation of computer security.
- Manage assessment and maintenance of university compliance with the Payment Card Industry Data Security Standard (PCI DSS) for all card-payment processing within the university.
- Act as a source of expertise regarding the Family Educational Rights and Privacy Act of 1974 (FERPA), also known as the Buckley Amendment, for student privacy.
- Perform an annual assessment of the computer security of all departments at the university that must comply with the Health Insurance Portability and Accountability Act (HIPAA), assist with staff training, and act as a source of advice on all aspects of HIPAA.
- Act as the university agent responding to Digital Millennium Copyright Act (DMCA) copyright holder notifications of infringement.
- Conduct annual reviews to assess and improve compliance with the copyright provisions of the Higher Education Opportunity Act (HEOA).
- Conduct security assessments of software and other products from an IT security perspective, as requested by university management and staff.