The Office of Information Security assists departments that are charged with managing regulatory and contractual compliance related to information security. This assistance includes interpreting compliance requirements, helping design a compliance process, identifying security options to meet compliance requirements, performing gap assessments, and more. This service allows departments responsible for compliance to focus on the business side of compliance while leveraging OIS as a partner for security and technology guidance.
Individual offerings under this service:
- Interpretation of compliance requirements
- Assessment of information security related compliance
- Privacy related requests and inquiries (GDPR, etc.)
- Partnering with business owners and IT service providers
- Payment card compliance (Treasury)
- Research compliance (RIO)
- Campus information security standards (CIO)
- HIPAA compliance (various HIPAA officers)
How is CU better through this service?
A variety of third-parties place specific requirements upon CU to hold the university accountable for appropriate protections and processes. Departments in a number of different business areas within CU are tasked with managing and reporting compliance in their areas. The Office of Information Security brings process, skills and knowledge to support these departments in understanding and meeting these requirements as they relate to information security and privacy. This support reduces the burden on departments managing compliance and provides guidance to effective, efficient and consistent solutions by making the most of existing campus services.
Who can use the service?
Assistance with compliance is available to departments at CU Boulder and System Administration. Generally, OIS partners with the business owner for a compliance function to establish a compliance program and then works with the departments within scope for that compliance program.
What does it cost me?
For departments in scope of existing compliance programs, there is no charge for OIS compliance support. Departments interested in establishing new compliance programs may be asked to help identify funding for staffing and other resources.