The approval process for the deans and Vice Presidents to sign off on the annual information security assessments requires coordination between the Division of IT and the Division Risk Assessment Coordinator (D-RAC) from the college or division.

| Step | Task | Personnel |
|---|---|---|
| Step 1 | Respond to all findings (i.e. corrective action, risk management decision) | Assessor |
| Step 2 | Notify the Division of IT that all risk assessments and related findings are complete | Division Risk Assessment Coordinator |
| Step 3 | Create a college/division executive summary which includes:<br>• Decisions or actions that the CISO thinks may deserve additional consideration<br>• Aggregate data for the college/division<br>• Dean/VP signature page | Division of IT |
| Step 4 | Prepare college/division information security assessment report (which includes PDFs of all risk assessments in the college/division) | Division of IT |
| Step 5 | Send documentation (i.e. college/division executive summary, college/division information security assessment report) to the D-RAC | Division of IT |
| Step 6 | Submit documentation to the dean/VP for signature | Division Risk Assessment Coordinator |
| Step 7 | Review and approve college/division executive summary | Dean or VP |
| Step 8 | Submit signed dean/VP signature page to Division of IT | Division Risk Assessment Coordinator |
| Step 9 | Create university executive summary which includes:<br>• Decisions or actions the CISO thinks may deserve additional consideration<br>• Aggregate data for the university<br>• CISO signature page | Division of IT |
| Step 10 | Review and approve university executive summary | Chief Information Security Officer (CISO) |
| Step 11 | Submit university executive summary to the CIO & President | Chief Information Security Officer (CISO) |