A unit head is a University official with the highest level of authority over the day-to-day management or oversight of a unit's operation.
Unit heads are broadly responsible for defining and coordinating their unit's information security requirements and procedures. The unit guide to managing data risks explains how you lead unit security efforts.
Guidance for unit heads
Responsibilities according to policy
Unit heads' primary information security responsibilities include:
- Assuming primary policy compliance responsibility for their units.
- Thoroughly understanding the policies, laws, and regulations impacting University information used within their units.
- Implementing procedures to comply with data stewards' policies, standards, and guidelines for the University information within their units.
- Reporting to data trustees the unit's compliance with data management requirements at least annually.
- Requesting end user access to University information only in compliance with data stewards' standards and guidelines and only for end users who have a legitimate interest in access.
- Ensuring that end users are aware of and understand their responsibilities for University information.
- Assuming primary compliance responsibility for the IT resources under their control.
- Identifying local support providers and reporting those individuals or units to IT.
- Developing and implementing an information security plan for the unit consistent with the requirements of this policy and commensurate with the specific security needs of the unit.
- Thoroughly understanding the security risks impacting University information under their control. Security risks should be documented and reviewed with the appropriate data steward so that he or she can determine whether greater resources need to be devoted to mitigating these risks. IT can assist unit heads with gaining a better understanding of their security risks.
- Ensuring the implementation of reasonable and appropriate security controls to protect the confidentiality, integrity, and availability of IT resources within their units.
- Appproving exceptions to this policy.
- Reporting to data trustees the unit's compliance with information security requirements at least annually.