Governance
The Cyber Security Programs are governed and guided through a formal multi-tiered structure, through the use of various committees. These committees function within their charters and are chaired by the appropriate Executive Manager:
The BSD Cyber Risk Management Group (RMG) evaluates cyber risks posed by information systems, including business practices, and determines whether the risk-benefit calculus is within the organization’s risk appetite and tolerance levels.
TBD
The University of Chicago Audit Committee has the primary responsibility for establishing and maintaining a sufficient system of internal controls. Internal Audit will evaluate internal controls of the BSD adequacy, operating environment, and related accounting, financial and operational policies, and report the results accordingly.
TBD
Committee Charters
| Committee Name | Committee Charter |
|---|---|
| Cyber Risk Management Group | BSD Cyber Risk Management Group Charter |
| Privacy and Security Steering Committee | Privacy and Security Steering Committee Charter |
| University of Chicago Audit Committee | University of Chicago Audit Committee Charter |
| University of Chicago Medical Center Audit Committee | University of Chicago Medical Center Audit Committee Charter |