PM-10 Authorization Process
Description
The university integrates authorization processes into its risk management program.
Applicability
- The university’s Chief Information Security Officer (CISO) has the primary responsibility for the implementation of this Control.
Implementation
-
1 - Implement authorization processes to manage the security and privacy of university data and information resources.
-
2 - Designate individuals to fulfill specific roles and responsibilities within the university risk management process.
-
3 - Integrate the authorization processes into a university-wide risk management program