Information Technology Services (ITS)
ISC Risk, Compliance, Metrics and Reporting (IRCMR) Working Group
Terms of Reference
The purpose of the ISC working groups is to develop a set of recommendations as outlined in their mandate and bring them forth to the Information Security Council.
Overall, develop an Information Security Risk Reporting Framework to:
- Develop security status metrics and a reporting framework that will allow units to self-measure their performance against metrics.
- Track the progress of remediation on risk items (for example, units reporting of progress against reporting framework, against risk register items; and from the findings of external (to unit) risk assessments and audit reports).
- Provide feedback on the risk register.
- Develop a framework for internal and external auditors on the type and level of assurance most needed during corresponding audit cycles.
- Provide guidance to the campus Information Risk Assessment Process.
The IRCMR working group will seek input from key stakeholders, subject matter experts and other interested parties from divisional and central units within the campuses of the University during the development of this reporting framework.
Seeking input from stakeholders is important in developing an Information Security Risk Reporting Framework. This process will take time.
|Sue McGlashan (chair)||Information Risk Manager, IS, ITS|
|Steven Butterworth||PCS Manager, Dept Physics, A&S|
|John Kerr||Director, Department of Risk Management and Insurance|
|Serena Persaud||CAO, Student Life|
|Paul Morrison||IT Director, Faculty of Kinesiology & Physical Education|
|Jeffrey Waldman||Manager, Institutional Data Governance, Institutional Research & Data Governance|
|Robin Wilcoxen||Information Risk Program Coordinator|
|Linda Ye||Senior Auditor, Information Systems|
- Academic Technology Reference Group (ATRG)
- Teaching, Learning and Technology Advisory Committee
- Enterprise IT Update Committee (EITU)
- Advisory Committee on Enterprise Information Technology (ACE-IT)
- Faculty & Staff e-Communications Consultation
- Student e-Communications Consultation
- Information Security Council (ISC)
- Toolbox End-User Support Team (T.E.S.T.)
- Call for Agenda
- IT Student Advisory Committee
- Next Generation Enterprise Web Services Advisory Group
- Policy on Information Security and the Protection of Digital Assets