System Security Officer for federal agencies' restricted use data agreements

[Steve Werby <steve.werby () UTSA EDU>]

As part of a restricted-use data agreement with a federal agency, my
university is being asked to designate a System Security Officer (SSO).
As part of the agreement, there are 3 roles - Senior Official (SO),
Principal Project Officer (PPO) and the SSO. The PPO is the senior-most
person in charge of daily operations involving use of the restricted-use
data. The SSO can be assigned by the SO or PPO or the SO or PPO can
serve as the SSO.

 

For reference:

 

The SSO shall be responsible for maintaining the day-to-day security of
the licensed data. The SSO's assigned duties shall include the
implementation, maintenance, and periodic update of the security plan to
protect the data in strict compliance with statutory and regulatory
requirements.

 

In your institutions, what types of individuals serve as the SSO (the
PPO, departmental IT, institutional information security officer,
institutional information security staff, etc.)?

 

-- 

Steve Werby

Information Security Officer

Office of Information Security (OIS)

The University of Texas at San Antonio