The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the Personnel Security policy and associated personnel security controls.


  • This control applies to the university Chief Information Security Officer (CISO).


  • 1

    The university CISO, in coordination with Information Resource owners, shall develop, document, and disseminate to units a set of controls that addresses the Personnel Security related to the use of information resources. These controls should include purpose, scope, roles, responsibilities, management commitment, coordination among university entities, and compliance.

  • 2

    The CISO shall review and update the Personnel Security controls as necessary.