Re: ISO and Record Management

["Walters, Caroline (cw8de)" <cw8de () ESERVICES VIRGINIA EDU>]

Hi Folks,

As Randy indicated at UVA Records Management does report to the CISO, but I would like to indicate that Records 
Management should be a separate FTE – and be staffed by someone with Records Management experience and training.

I recently spend some time looking at other Universities and where Records Management reports – and also looking 
outside of education.  Attached is a Cohasset Study which done every two years, and shows the trends in RM report – 
it’s growing with IT/Legal/Compliance and moving away from Facilities/Finance.

Also if you have not read the ECAR publications on Records Management and Information Governance, I highly recommend it.
http://www.educause.edu/library/resources/supporting-information-governance-through-records-and-information-management?utm_source=Informz&utm_medium=Email+marketing&utm_campaign=ECAR+Update

Happy to discuss other issues off line.
Caroline



Caroline J Walters, CRM
University Records Officer
Information Security, Policy & Records Office
University of Virginia
Box 400898
Charlottesville, VA 22904
(434) 243-9162
cjwalters () virginia edu<mailto:cjwalters () virginia edu>
www.virginia.edu/recordsmanagement<http://www.virginia.edu/recordsmanagement>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy
Sent: Thursday, July 31, 2014 2:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ISO and Record Management

The University of Virginia CISO has the Records Mgt responsibility. I think their university's Records Manager reports 
directly to the CISO. Here are VA Tech, Record Mgt is separate from the ISO function. Having said that, my office is 
responsible for ensuring sensitive data standards are enforced.
I agree with Theresa S's assessment of the skill sets needed by ISOs these days. Telling stories that relate to the 
disparate audiences inside an EDU is much more valuable than telling them "this is the way it has to be".
-r.

On Thu, Jul 31, 2014 at 11:05 AM, Emilie Kunze - ACC <ekunze () austincc edu<mailto:ekunze () austincc edu>> wrote:
We have an ISO position with a separate Records Management area.

Emilie Kunze
IT Security Analyst
Information Security
Austin Community College
512.223.1157<tel:512.223.1157>

P Please consider the environment before you print this e-mail.


                                                  CONFIDENTIAL NOTICE
This communication, including any attachments, may contain confidential information and is intended only for the 
individual or entity to which it is addressed. Any review, dissemination, or copying of this communication by anyone 
other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the 
sender by reply e-mail, delete and destroy all copies of the original message.


On Thu, Jul 31, 2014 at 9:43 AM, Dennis Levine <dennis_levine () emerson edu<mailto:dennis_levine () emerson edu>> 
wrote:

Hi All,



We're trying to get a sense of how many schools have an ISO, have a separate Records Manager and if anyone has combined 
the two positions? If you have an ISO, is that the only function of the position or are there other job duties 
performed by that position?



Thanks,

Dennis Levine


Dennis Levine | Network and Security Administrator | 120 Boylston Street  Boston, MA  02116-4624 | (617) 
824-8972<tel:%28617%29%20824-8972> | Dennis_Levine () emerson edu<mailto:Dennis_Levine () emerson edu> | 
www.emerson.edu<http://www.emerson.edu>
[emerson]

Attachment: RIMBenchmarking-CohassetAssoc-reporting.pdf
Description: RIMBenchmarking-CohassetAssoc-reporting.pdf