Skip to main content

Roles & Responsibilities

Systemwide Information Security Advisory Committee (SISAC)

This committee will be comprised of the VP for IT, the CIOs, the CISO, a representative from the Office of General Counsel and other ad hoc members as appropriate.


  • Establish goals, objectives and priorities for the information security program.
  • Review and comment on draft elements of the information security program.
  • Provide final approval of all elements of the information security program.
  • Disseminate program elements to system and campus constituencies as new program elements are approved.
  • Communicate with system and campus constituencies frequently to ensure that affected individuals are continuously aware of policy and program elements.

Chief Information Security Officer (CISO)

The CISO will serve as a liaison between the SISAC and the ISG.


  • Communicate the goals, objectives and priorities of the SISAC to the ISG.
  • Present draft elements created by the ISG to the SISAC.
  • Create a template for elements of the information security program to ensure a consistent look and feel.
  • Ensure that the information security program is published prominently and remains up to date.
  • Assist the VP for IT in managing compliance with the information security program by UM units/departments.

Information Security Group (ISG)

This working group will be comprised of the CISO, the Information Security Officer (ISO) from each University entity and other members as appropriate (i.e. HR representatives from each campus when dealing with HR elements of the program).


  • Develop elements of the information security program in accordance with the goals, objectives and priorities of the SISAC.
  • Serve as a conduit for obtaining input from, and communicating program elements to, each University entity.

Other Roles

The Chief Information Officer (CIO) for each University entity will be responsible for communicating, publishing and distributing new policies and program components to their respective entity.

  • CIOs/ISOs will manage compliance within their respective entities.
  • VP for IT will manage compliance within UM departments/units.

Information Security Program Process Diagram

Infosec process

Reviewed 2019-08-05