IT GRC establishes the framework that guides how IT operates, identifies and manages potential threats, and ensures we adhere to all relevant laws, regulations, and university policies. It's about setting the rules, understanding the dangers, and making sure we play by the book to protect university data and systems.
Key activities include:
- Developing and updating IT and information security policies, standards and procedures.
- Conducting risk assessments to identify vulnerabilities and potential impacts on IT systems and data.
- Implementing and monitoring controls to mitigate identified risks.
- Ensuring compliance with external regulations (e.g., GDPR, local privacy laws) and internal university policies.
- Managing IT audit responses and remediation efforts.
- Promoting a culture of security and compliance awareness across the university.
The IT GRC team is responsible for maintaining the IT Services Department's ISO certifications (ISO 27001 for information security management and ISO 9001 for quality management).