Information Security and IT Compliance Council
The Information Security and IT Compliance Council (ISICC) serves as a subcommittee of the Information Management Council (IMC). In this role, the ISICC provides input and support to the IMC in the areas of information security and IT compliance. The ISICC directly supports the IMC's mission of ensuring that appropriate and cost-effective information protection measures are applied to MUSC's information and IT assets, and serves as an advocate for the continuous improvement of MUSC's information security program.
The ISICC, working in close partnership with the IMC and with other groups and participants in the MUSC IT Governance process, performs the following
- Provides guidance and oversight to MUSC's information security program, with particular emphasis on information security risk assessment processes, which are critical to policy, strategy, and funding decisions at the enterprise level.
- Ensures that MUSC's information security policies, standards and guidelines are regularly reviewed and updated; when significant changes are needed, presents the IMC with appropriate briefings and recommendations.
- Ensures that the effectiveness of MUSC's information security program is continuously monitored and evaluated.
- Seeks to ensure that MUSC's IT policies and procedures are sufficient to meet applicable legal, regulatory and contractual requirements.
- Sets overall priorities and provides oversight for all information security and IT compliance projects, including post-implementation reviews with an assessment of whether expected benefits and returns on investment are realized.
Membership on the ISCC shall be determined by the IMC. The chairperson of the ISICC shall be determined by its membership. The IMC shall periodically review the ISICC's membership and make adjustments as necessary.
Initial Membership List:
- Richard Gadsden, Information Security Office
- Reece Smith, University Compliance Office, MUHA Compliance Office
- Acker, Julie, UMA Compliance Department
- David Moses, Internal Audit (consultative)
- Kurt Nendorf, OCIO Director of Infrastructure Systems
- Joseph Good, University Counsel
- Annette Drachman, MUHA Counsel
- Representative, FAIC
- Representative, PIC
- Representative, CIIC