Section 3361:10-17-13 - Conduct and ethics: information security(A) The associate vice president and chief information security officer has authority, in consultation with the office of general counsel and in coordination and collaboration with other appropriate university offices, to establish and maintain a university information security program to protect the security, integrity, and availability of sensitive information by implementing appropriate security controls and maintaining compliance with the applicable laws and regulations.(B) The associate vice president and chief information security officer may, in consultation with the office of general counsel and in coordination and collaboration with other appropriate university offices, establish written information security policies, procedures, and standards to comply with the information security program and to support reduction of risk to university technology or data assets.(C) The office of information security may establish protocols, in consultation with the office of general counsel and in coordination and collaboration with other appropriate university offices, for the collection, processing, and management of digital evidence and electronics records as necessary to support university departments tasked with investigating violations of university rules, policies, procedures, and standards.(D) The associate vice president and chief information security officer shall at least annually provide a written report to a subcommittee of the board of trustees on the state of the university information security program.Ohio Admin. Code 3361:10-17-13
Effective: 11/13/2024
Promulgated Under: 111.15
Statutory Authority: 3361
Rule Amplifies: 3361