Re: System Security Officer for federal agencies' restricted use data agreements

["Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>]

I do at UC.


Kevin L. McLaughlin
AVP, Information Security & Special Projects
University of Cincinnati


On Jan 19, 2012, at 2:44 PM, "Steve Werby" <steve.werby () UTSA EDU<mailto:steve.werby () UTSA EDU>> wrote:

As part of a restricted-use data agreement with a federal agency, my university is being asked to designate a System 
Security Officer (SSO). As part of the agreement, there are 3 roles – Senior Official (SO), Principal Project Officer 
(PPO) and the SSO. The PPO is the senior-most person in charge of daily operations involving use of the restricted-use 
data. The SSO can be assigned by the SO or PPO or the SO or PPO can serve as the SSO.

For reference:

The SSO shall be responsible for maintaining the day-to-day security of the licensed data. The SSO's assigned duties 
shall include the implementation, maintenance, and periodic update of the security plan to protect the data in strict 
compliance with statutory and regulatory requirements.

In your institutions, what types of individuals serve as the SSO (the PPO, departmental IT, institutional information 
security officer, institutional information security staff, etc.)?

--
Steve Werby
Information Security Officer
Office of Information Security (OIS)
The University of Texas at San Antonio