101: Institutional Responsibilities
Information Security Manual
Section 100: Information Security Roles and Responsibilities
The purpose of this Institutional Responsibilities document is to clearly outline the roles of President, CIO, and CISO in fulfilling Oregon State University’s responsibilities with respect to information security as directed in the OUS Information Security Policy.
President: As directed in the OUS Information Security Policy, the President has overall oversight responsibility for institutional provisions set forth in that policy. The President will hold the CIO and CISO accountable for instituting appropriate policy and programs to ensure the security, integrity, and availability of OSU’s information assets.
Chief Information Officer (CIO): As directed in the OUS Information Security Policy, the CIO is responsible for ensuring that the institutional policies governing Information Systems, User and Personal Information Security, Security Operations, Network and Telecommunications Security, Physical and Environmental Security, Disaster Recovery, and Awareness and Training are developed and adhered to in accordance with the OUS policy.
Chief Information Security Officer (CISO): Reporting to the CIO, the CISO is responsible for the member institution’s security program and for ensuring that institutional policies, procedures, and standards are developed, implemented maintained and adhered to.