Re: Organization of IT compliance responsibilities

["Lazarus, Carolann" <lazarus () BUFFALO EDU>]

Nick
I'm not sure how much help it will be for your specific question, but you could try the SCCE Society for Corporate 
Compliance and Ethics https://www.corporatecompliance.org/ .  They have a large segment of their membership related to 
higher ed.  I attended their annual Higher Ed compliance conference last year.  You should be able to find some 
resources for setting up a compliance program through them, I'm just not sure if they have anything focused on just IT 
security.   

We don't have a compliance officer/office yet, but there are a number out there.

Carolann Lazarus
Internal Audit
lazarus () buffalo edu
716-829-6947

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nick 
Lewis
Sent: Tuesday, February 04, 2014 1:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Organization of IT compliance responsibilities

Hi everyone,

We have internally been discussing compliance recently. I'm working through the Higher Education Compliance Alliance 
resources to see what is already out there. The IT security and compliance program we are setting up is going to be 
proposed as an enterprise wide initiative, but only around IT security. I am trying to understand if anyone has their 
information security programs reporting into a formal Compliance Office/Officer? Or even a formal Compliance 
Office/Officer at their university?

Thanks,

Nick

--
Nick Lewis
Information Security Officer - Director, IT Security and Compliance ITS IT Security and Compliance
Email: nlewis10 () slu edu - Phone: 314-977-1786