CINXE.COM

<!DOCTYPE html> <html lang="en" dir="ltr" prefix="og: https://ogp.me/ns#"> <head> <meta charset="utf-8" /> <meta name="description" content="RoleResponsibilitiesNotesCyber-risk Responsible Executive (CRE) " /> <link rel="canonical" href="https://it.ucsf.edu/standards-and-guidelines/ucsf-650-16-addendum-ucsf-roles-and-responsibilities-securing-institutional" /> <meta name="google-site-verification" content="xEaB4dnmBmiRU7eUe_PAFXLsD1MjDF2dg4vZUgP1W0U" /> <meta name="Generator" content="Drupal 10 (https://www.drupal.org)" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta itemprop="acquia_lift:content_title" content="UCSF 650-16 Addendum A - UCSF Roles and Responsibilities for Securing Institutional Information and IT Resources" /> <meta itemprop="acquia_lift:content_type" content="policy" /> <meta itemprop="acquia_lift:page_type" content="node page" /> <meta itemprop="acquia_lift:context_language" content="en" /> <meta itemprop="acquia_lift:content_section" content="" /> <meta itemprop="acquia_lift:content_keywords" content="" /> <meta itemprop="acquia_lift:post_id" content="10790" /> <meta itemprop="acquia_lift:content_uuid" content="d5579764-f41c-475a-b6f5-888b75919a15" /> <meta itemprop="acquia_lift:published_date" content="1581727541" /> <meta itemprop="acquia_lift:persona" content="" /> <meta itemprop="acquia_lift:engagement_score" content="1" /> <meta itemprop="acquia_lift:account_id" content="UCSF_IT" /> <meta itemprop="acquia_lift:site_id" content="prod-sherpa" /> <meta itemprop="acquia_lift:liftAssetsURL" content="https://lift3assets.lift.acquia.com/stable" /> <meta itemprop="acquia_lift:bootstrapMode" content="auto" /> <meta itemprop="acquia_lift:contentReplacementMode" content="trusted" /> <meta itemprop="acquia_lift:cdfVersion" content="1" /> <script src="https://lift3assets.lift.acquia.com/stable/lift.js" async></script> <link rel="icon" href="/themes/custom/its_default/favicon.ico" type="image/vnd.microsoft.icon" /> <title>UCSF 650-16 Addendum A - UCSF Roles and Responsibilities for Securing Institutional Information and IT Resources | UCSF IT</title> <link rel="stylesheet" media="all" href="/sites/it.ucsf.edu/files/css/css_FBBRL_qmni-VFlN0kJYFaDjoTloDYxzHHT9AzmdfXak.css?delta=0&language=en&theme=its_default&include=eJxVjutyAyEIhV-I6CPtsIqGDkpGMNvt09d2tp3kD7cDHwfNyDfuH5RcR0xmYZ8ia1b4kwyKdseDTBvFlzrYs4IRjnTfcLombY91RNHvtNTGnRtKWDhIOijmMR-rf10FO82pxR2NIAmanW91IzOsdAG6jgXkLwJ22zIVnOKxiu4oN_NTuNc36cfs7XILB-1lAeKVQ2YUrfBkOiz-xtA0T_l_3jUTFMG6Ydf-5-Ub1bZ1rw" /> <link rel="stylesheet" media="all" href="/sites/it.ucsf.edu/files/css/css_Vk9sdugF5SGq1OIRjpUAAEysUvy8v4XW-NnnpDGHRZ0.css?delta=1&language=en&theme=its_default&include=eJxVjutyAyEIhV-I6CPtsIqGDkpGMNvt09d2tp3kD7cDHwfNyDfuH5RcR0xmYZ8ia1b4kwyKdseDTBvFlzrYs4IRjnTfcLombY91RNHvtNTGnRtKWDhIOijmMR-rf10FO82pxR2NIAmanW91IzOsdAG6jgXkLwJ22zIVnOKxiu4oN_NTuNc36cfs7XILB-1lAeKVQ2YUrfBkOiz-xtA0T_l_3jUTFMG6Ydf-5-Ub1bZ1rw" /> <link rel="stylesheet" media="all" href="/sites/it.ucsf.edu/files/css/css_xKSbp5cPSWe-Io6Tw18ONmCTBf_DQL5aL8avjxAqkEA.css?delta=2&language=en&theme=its_default&include=eJxVjutyAyEIhV-I6CPtsIqGDkpGMNvt09d2tp3kD7cDHwfNyDfuH5RcR0xmYZ8ia1b4kwyKdseDTBvFlzrYs4IRjnTfcLombY91RNHvtNTGnRtKWDhIOijmMR-rf10FO82pxR2NIAmanW91IzOsdAG6jgXkLwJ22zIVnOKxiu4oN_NTuNc36cfs7XILB-1lAeKVQ2YUrfBkOiz-xtA0T_l_3jUTFMG6Ydf-5-Ub1bZ1rw" /> <script src="https://kit.fontawesome.com/051d69e97e.js" defer crossorigin="anonymous"></script> </head> <body class="page-node-10790 path-node page-node-type-policy"> <a href="#main-content" class="visually-hidden focusable skip-link"> Skip to main content </a> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas> <div class="layout-container app"> <header class="bg-coral" data-search-and-menu-visibility> <section class="topnavbar"> <div class="container"> <nav> <a href="http://www.ucsf.edu" target="_blank" class="">University of California San Francisco</a> <a href="https://giving.ucsf.edu" target="_blank" class="header-give hide-mobile">Give to UCSF</a> </nav> </div> </section> <div class="main-navigation"> <div class="container"> <div class="flex-grid"> <a href="/" aria-current="page" class="router-link-exact-active router-link-active"> <div class="site-title"> <h1>UCSF IT Technology</h1> </div> </a> <div class="navbar"> <nav role="navigation" aria-labelledby="block-mainnavigation-menu" id="block-mainnavigation" class="block block-menu navigation menu--main"> <h2 class="visually-hidden" id="block-mainnavigation-menu">Main navigation</h2> <ul class="menu menu-top-level"> <li class="menu-item menu-item--expanded dropdown-menu-parent"> <a href="/status" data-drupal-link-system-path="node/108351">Status</a> <svg aria-hidden="true" focusable="false" data-prefix="far" data-icon="chevron-down" role="presentation" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 448 512" class="icon svg-inline--fa fa-chevron-down fa-w-14"> <path fill="currentColor" d="M441.9 167.3l-19.8-19.8c-4.7-4.7-12.3-4.7-17 0L224 328.2 42.9 147.5c-4.7-4.7-12.3-4.7-17 0L6.1 167.3c-4.7 4.7-4.7 12.3 0 17l209.4 209.4c4.7 4.7 12.3 4.7 17 0l209.4-209.4c4.7-4.7 4.7-12.3 0-17z" class=""></path> </svg> <ul class="dropdown-menu"> <li class="menu-item dropdown-menu-item"> <a href="/ucsf-security-update-announcements" data-drupal-link-system-path="node/117061">Security Announcements</a> </li> </ul> </li> <li class="menu-item menu-item--expanded dropdown-menu-parent"> <a href="/services" data-drupal-link-system-path="node/108356">Services</a> <svg aria-hidden="true" focusable="false" data-prefix="far" data-icon="chevron-down" role="presentation" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 448 512" class="icon svg-inline--fa fa-chevron-down fa-w-14"> <path fill="currentColor" d="M441.9 167.3l-19.8-19.8c-4.7-4.7-12.3-4.7-17 0L224 328.2 42.9 147.5c-4.7-4.7-12.3-4.7-17 0L6.1 167.3c-4.7 4.7-4.7 12.3 0 17l209.4 209.4c4.7 4.7 12.3 4.7 17 0l209.4-209.4c4.7-4.7 4.7-12.3 0-17z" class=""></path> </svg> <ul class="dropdown-menu"> <li class="menu-item dropdown-menu-item"> <a href="https://one.ucsf.edu">Projects</a> </li> </ul> </li> <li class="menu-item"> <a href="/how-to" data-drupal-link-system-path="node/108361">How To</a> </li> <li class="menu-item"> <a href="/news-events" data-drupal-link-system-path="node/132106">News & Events</a> </li> <li class="menu-item"> <a href="/about-us" title="About UCSF IT" data-drupal-link-system-path="node/108071">About Us</a> </li> <li> <a href="/saml_login?destination=/standards-and-guidelines/ucsf-650-16-addendum-ucsf-roles-and-responsibilities-securing-institutional" class="user"> <svg aria-hidden="true" focusable="false" data-prefix="far" data-icon="user-alt" role="presentation" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 512 512" class="svg-inline--fa fa-user-alt fa-w-16"> <path fill="currentColor" d="M384 336c-40.6 0-47.6-1.5-72.2 6.8-17.5 5.9-36.3 9.2-55.8 9.2s-38.3-3.3-55.8-9.2c-24.6-8.3-31.5-6.8-72.2-6.8C57.3 336 0 393.3 0 464v16c0 17.7 14.3 32 32 32h448c17.7 0 32-14.3 32-32v-16c0-70.7-57.3-128-128-128zm80 128H48c0-21.4 8.3-41.5 23.4-56.6C86.5 392.3 106.6 384 128 384c41.1 0 41-1.1 56.8 4.2 23 7.8 47 11.8 71.2 11.8 24.2 0 48.2-4 71.2-11.8 15.8-5.4 15.7-4.2 56.8-4.2 44.1 0 80 35.9 80 80zM256 320c88.4 0 160-71.6 160-160S344.4 0 256 0 96 71.6 96 160s71.6 160 160 160zm0-272c61.8 0 112 50.2 112 112s-50.2 112-112 112-112-50.2-112-112S194.2 48 256 48z" class=""></path> </svg> Log In </a> </li> </ul> </nav> <div id="global-search-dropdown" class=""> <div class="search-icon"> <div> <span class="visually-hidden">Open</span> <span class="visually-hidden">Close</span> <span class="hide-mobile">Search</span> </div> </div> <div class="search--dropdown"> <form action="/search" accept-charset="utf-8" method="get" autocomplete="off" class="search"> <label for="header-search" class="search__label">Small screen search</label> <input type="text" name="search" value="" placeholder="Search services, how-to articles, other IT information" class="search__input"> <input type="submit" value="Search" class="search__submit"> </form> </div> </div> <div class="toggle-nav"> <span class="visually-hidden">Open menu</span> </div> </div> </div> </div> </div> <div class="give-mobile"> <a href="https://giving.ucsf.edu" class="give">Give to UCSF</a> </div> </header> <div class="region-breadcrumb"> <div id="block-breadcrumbs" class="block block-system block-system-breadcrumb-block"> <div class="content"> <nav role="navigation" aria-labelledby="system-breadcrumb"> <h2 id="system-breadcrumb" class="visually-hidden">Breadcrumb</h2> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/">Home</a></li> <li class="breadcrumb-item"><a href="/standards-and-guidelines">Standards and Guidelines</a></li> <li class="breadcrumb-item">UCSF 650-16 Addendum A - UCSF Roles and Responsibilities For Securing Institutional Information and IT Resources</li> </ol> </nav> </div> </div> </div> <main role="main"> <a id="main-content" tabindex="-1"></a> <div class="layout-content content"> <div class="region-content"> <div id="block-its-default-content" class="block block-system block-system-main-block"> <article data-history-node-id="10790" class="node node--type-policy node--view-mode-full"> <div class="node__content"> <div class="container sidebar-visible"> <main class="page-content"> <div class="privacy-warning"> <div class="iconography"><svg aria-hidden="true" focusable="false" data-prefix="fal" data-icon="eye" role="presentation" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512" class="svg-inline--fa fa-eye fa-w-18"><path fill="currentColor" d="M288 288a64 64 0 0 0 0-128c-1 0-1.88.24-2.85.29a47.5 47.5 0 0 1-60.86 60.86c0 1-.29 1.88-.29 2.85a64 64 0 0 0 64 64zm284.52-46.6C518.29 135.59 410.93 64 288 64S57.68 135.64 3.48 241.41a32.35 32.35 0 0 0 0 29.19C57.71 376.41 165.07 448 288 448s230.32-71.64 284.52-177.41a32.35 32.35 0 0 0 0-29.19zM288 96a128 128 0 1 1-128 128A128.14 128.14 0 0 1 288 96zm0 320c-107.36 0-205.46-61.31-256-160a294.78 294.78 0 0 1 129.78-129.33C140.91 153.69 128 187.17 128 224a160 160 0 0 0 320 0c0-36.83-12.91-70.31-33.78-97.33A294.78 294.78 0 0 1 544 256c-50.53 98.69-148.64 160-256 160z" class=""></path></svg></div> <p class="viewable-by">This content is viewable by <span class="">Everyone</span></p> </div> <p class="page-label"><span class="rectangle"></span><span class="label-text">Standard</span></p> <div class="row page-title"> <h1>UCSF 650-16 Addendum A - UCSF Roles and Responsibilities for Securing Institutional Information and IT Resources</h1> </div> <div class="block block-layout-builder block-extra-field-blocknodepolicyflag-save"> <p class="flag flag-anon-message flag-save js-flag-save-10790 action-flag"> <span class="label" data-selector=".flag-anon-save-10790"><span class="far fa-bookmark"></span> Save</span> <p title="Want to save this page for later?" class="flag-anon-message flag-anon-save-10790" style="display:none"><a href="/saml_login?flag_anon=save-10790&destination=/standards-and-guidelines/ucsf-650-16-addendum-ucsf-roles-and-responsibilities-securing-institutional">Log in via MyAccess to save</a>.</p> </p> </div> <div class="row"> <ul class="list-group"> <li class="list-group-item"> <strong class="field__label">Effective Date: </strong> <time datetime="2023-05-19T12:00:00Z" class="datetime">May 19, 2023</time> </li> </ul> </div> <div class="row"> <ul class="list-group"> <li class="list-group-item"> <p class="field field--name-field-impacted-services field--type-entity-reference field--label-above"> <strong class="field__label">Impacted Services</strong> <span><a href="/service/it-security-outreach-and-training" hreflang="en">IT Security Outreach and Training</a> </span> </p> </li> </ul> </div> <div class="wysiwyg-content row"> <div class="field-body"><table class="MsoTableGrid" style="width:902px;"><thead><tr><td style="width:194px;" valign="bottom"><p align="center"><span><strong>Role</strong></span></p></td><td style="width:392px;" valign="bottom"><p align="center"><span><strong>Responsibilities</strong></span></p></td><td style="width:295px;" valign="bottom"><p align="center"><span><strong>Notes</strong></span></p></td></tr></thead><tbody><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Cyber-risk Responsible Executive (CRE)</strong></span></p><p> </p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Ensures that the responsible parties understand and execute their responsibilities under these policies</span><a href="#_ftn1" title><span class="MsoFootnoteReference">[1]</span></a><span>.</span></li><li class="Default"><span>Ensures the Location-wide adoption of the ISMP covered in the </span><a href="https://policy.ucop.edu/doc/7000543/BFB-IS-3"><span><strong>University of California – Policy BFB-IS-3: Electronic Information Security</strong></span></a><span>: Information Security Management Program, and an information security risk management strategy as well as the adoption of the </span><a href="https://policies.ucsf.edu/policy/650-16"><span><strong>University of California San Francisco – Policy 650-16: Information Security & Confidentiality</strong></span></a><span><strong>.</strong> </span></li><li class="Default"><span>Reviews the Location’s overall information security Risk Assessments and identifies key risks affecting the Location. Evaluates the Location’s level of cyber risk to make decisions about risk mitigation and risk acceptance.</span></li><li class="Default"><span>Approves the Location policy exception process.</span></li><li class="Default"><span>Participates in systemwide initiatives related to information security and information security risk management.</span></li><li><span>Evaluates information security risk and ensures appropriate funding for information security.</span></li></ul></td><td style="width:295px;" valign="top"><p> </p></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>UC Systemwide Chief Information Security Officer</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Ensures implementation of systemwide policies in coordination with Location officials.</span></li><li class="Default"><span>Supports systemwide policy and facilitates regular communication among Locations to address consistent implementation of systemwide policies throughout UC.</span></li></ul></td><td style="width:295px;" valign="top"><p class="Default"><span>May be appointed by the UC executive vice president and chief operating officer to act as CISO for assigned Office of the President Locations.</span></p></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Chief Information Officer (CIO)</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Provides operational oversight for the delivery of information technology services that meet the requirements of these policies.</span></li><li class="Default"><span>Plans and directs information security Risk Assessments for the Location.</span></li><li class="Default"><span>Provides management oversight for information security planning, implementation, budgeting, staffing, program development and reporting.</span></li><li class="Default"><span>Sets operational priorities and obtains alignment with the CRE and Location leadership.</span></li></ul></td><td style="width:295px;" valign="top"><p class="Default"><span>Senior IT executive, IT Leadership Council member.</span></p></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Chief Information Security Officer (CISO)</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Assists the Location in the interpretation and application of these policies.</span></li><li class="Default"><span>Provides management and execution oversight of the ISMP through collaborative relationships with CRE, CIO, academic and administrative officials, using Location governance structures and compliance strategies.</span></li><li class="Default"><span>Reports Information Security Incidents to UCOP, appropriate Location leadership and the Location CRE.</span></li><li class="Default"><span>Manages the Location exception process for these policies.</span></li><li class="Default">Provides annual cybersecurity awareness training to all Workforce Members to ensure they understand common security risks and their role in protecting Institutional Information and IT Resources, managing security risk, and reporting security incidents.</li></ul></td><td style="width:295px;" valign="top"><p class="Default"> </p></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Unit Head</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Oversees the execution of these policies within the Unit.</span></li><li class="Default"><span>Assigns one or more individual(s) with oversight of the execution of information security responsibilities within the Unit. This role is called the Unit Information Security Lead.</span></li><li class="Default"><span>Identifies and inventories Institutional Information and IT Resources managed by the Unit.</span></li><li class="Default"><span>Ensures that Risk Assessments are complete and Risk Treatment Plans are implemented.</span></li><li class="Default"><span>Specifies the Protection Level and Availability requirements to Service Providers who manage IT Resources on behalf of the Unit.</span></li><li class="Default"><span>Through the risk management process, ensures that protection of Institutional Information and IT Resources managed by Service Providers meets the requirements of these policies.</span></li><li class="Default"><span>Through the risk management process, ensures that Institutional Information and IT Resources managed by Suppliers meet the requirements of these policies.</span></li><li class="Default"><span>Reports Information Security Incidents to the CISO.</span></li><li class="Default"><span>Reports to the CISO any information security policy or standard that is not fully met by the Unit, or by a Service Provider managing Institutional Information or IT Resources on behalf of the Unit.</span></li><li class="Default"><span>Ensures the above responsibilities are included in the overall Unit planning and budgeting process.</span></li><li class="Default"><span>Maintains relationship with and inventory of Service Providers managing Institutional Information or IT Resources on behalf of the Unit.</span></li><li class="Default"><span>Ensures that all Workforce Members within the Unit complete annual cybersecurity awareness training. </span></li><li class="Default">Ensures that IT Workforce Members within the Unit have appropriate IT security skills and qualifications, receive regular training related to their job requirements, and understand policies, procedures, and best practices to maintain acceptable standards of information security.</li><li class="Default">Ensures that IT Workforce Members within the unit complete Anti-Phishing Training as described in the <a href="https://it.ucsf.edu/how-to/standard-process-confirmed-phishing-link-clicks-2" rel="noreferrer noopener" target="_blank">Standard Process for Confirmed Phishing Link Clicks.</a></li><li class="Default">Oversees the unit’s cybersecurity efforts by setting up regular communications with the Unit Information Security Lead. Looks for communications from your Location’s CRE and CISO. Ensures Unit Information Security Lead is added to the IT Security Update Listservs as described by the <a href="https://it.ucsf.edu/how-to/standard-requirement-unit-information-security-leads-receive-it-security-update-emails">Standard Requirement for Unit Information Security Leads To Receive IT Security Update Emails</a>.</li></ul></td><td style="width:295px;" valign="top"><ul><li class="Default"><span>Units are defined as Control Points for purposes of this standard.  UCSF Control Points are:</span><ul><li class="Default"><span>School of Medicine</span></li><li class="Default"><span>School of Pharmacy</span></li><li class="Default"><span>School of Nursing</span></li><li class="Default"><span>School of Dentistry</span></li><li class="Default"><span>Financial and Administrative Services</span></li><li class="Default"><span>Executive Vice Chancellor and Provost</span></li><li class="Default"><span>Community and Government Relations</span></li><li class="Default"><span>Development</span></li><li class="Default"><span>UCSF Health</span></li><li class="Default"><span>Global Health</span></li><li class="Default"><span>Langley Porter</span></li><li class="Default"><span>Diversity & Outreach</span></li><li class="Default"><span>Communications</span></li><li class="Default"><span>Chancellor’s Office</span></li></ul></li><li class="Default"><span> A Unit Head is characterized by having budget control and/or control or authority over IT Resources and/or Institutional Information.</span></li><li class="Default"><span>Unit Heads may delegate specific information security responsibilities to Workforce Members under their area of responsibility, Service Providers or Suppliers. The Unit Head must ensure that this delegation of responsibility is clear and unambiguous by developing additional roles within their Control Point. Any Unit information security responsibilities not expressly delegated to, and accepted by, a Service Provider or Supplier remain the responsibility of the Unit Head.</span></li></ul></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Service Provider</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Documents and delivers IT services in compliance with these policies, other UC policies and applicable Location policies.</span></li><li class="Default"><span>Notifies the Unit Head of any policy provisions that are unmet or require additional controls by the Unit.</span></li><li class="Default"><span>Supports Units in completing Risk Assessments related to the services provided.</span></li><li class="Default"><span>Coordinates with Units to implement appropriate security measures in conjunction with UCSF IT Security.</span></li><li class="Default"><span>Coordinates with Units to respond to potential and confirmed Information Security Incidents in conjunction with UCSF IT Security.   </span></li></ul></td><td style="width:295px;" valign="top"><ul><li class="Default"><span>Can be a central IT group, another Unit, another UC Location or UC service center providing specific IT services to a Unit.</span></li><li class="Default"><span>Service Providers can be Units for the purposes of these policies.</span></li><li class="Default"><span>Service Providers are internal UC entities for the purposes of these policies.</span></li><li class="Default"><span>External suppliers are covered under UC Policy BFB IS-3, section 15.</span></li></ul></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Institutional Information Proprietor</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Assumes overall responsibility for establishing the Protection Level classification, access to and release of a defined set of Institutional Information.</span></li><li class="Default"><span>Classifies Institutional Information under their area of responsibility in accordance with these policies.</span></li><li class="Default"><span>Establishes and documents rules for use of, access to, approval for use of and removal of access to the Institutional Information related to their area of responsibility.</span></li><li class="Default"><span>Notifies Units, users, Service Providers and Suppliers of the Institutional Information Protection Level.</span></li><li class="Default"><span>Approves Institutional Information transfers and access related to their areas of responsibility.</span></li><li class="Default"><span>Notifies Units, Service Providers and Suppliers of any changes in requirements set by the Institutional Information Proprietor.</span></li></ul></td><td style="width:295px;" valign="top"><ul><li class="Default"><span>The Institutional Information Proprietor is responsible for their defined set of Institutional Information regardless of the Unit holding the data.</span></li><li class="Default"><span>Responsibilities of this role may affect Unit, Service Provider and Supplier requirements.  Examples of Institutional Information include such things as Human Resource and Financial Data.</span></li></ul></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Workforce Manager</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Complies with these policies.</span></li><li class="Default">Performs duties assigned by the Unit Head. </li></ul></td><td style="width:295px;" valign="top"><p class="Default"><span>See </span><a href="https://security.ucop.edu/policies/it-policy-glossary.html"><span>UC IT Policy Glossary</span></a><span>. Typically managers or supervisors.</span></p></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Workforce Member</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Complies with these policies.</span></li><li class="Default">Completes annual cybersecurity awareness training.</li><li class="Default">Completes Anti-Phishing Training as described in the <a href="https://it.ucsf.edu/how-to/standard-process-confirmed-phishing-link-clicks-2" rel="noreferrer noopener" target="_blank">Standard Process for Confirmed Phishing Link Clicks.</a></li></ul></td><td style="width:295px;" valign="top"><p class="Default"><span>See </span><a href="https://security.ucop.edu/policies/it-policy-glossary.html"><span>UC IT Policy Glossary</span></a><span>. A broad term encompassing all individuals who perform work for UC in any capacity.</span></p></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Researcher</strong></span></p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Complies with all responsibilities of Workforce Members.</span></li><li class="Default"><span>Uses a Location-approved Risk Treatment Plan or conducts a Risk Assessment to ensure that information security requirements are met.</span></li><li class="Default"><span>Identifies the appropriate Institutional Information Protection Level defined in these policies for research data.</span></li><li class="Default"><span>Identifies and meets confidentiality and data security obligations based on laws, regulations, policies, grants, contracts and binding commitments (such as data use agreements and participant consent agreements) relating to research data.</span></li><li class="Default"><span>Creates and maintains evidence that demonstrates how security controls were implemented and kept current throughout the project.</span></li><li class="Default"><span>Develops and follows an information security plan that manages security risk over the course of their project.</span></li><li class="Default"><span>Ensures that Suppliers who store or process Institutional Information during the project follow UC policy for written contracts.</span></li><li class="Default"><span>Ensures that Supplier agreements include approved terms supporting the information security controls specified in these policies and applicable UC purchasing requirements.</span></li></ul></td><td style="width:295px;" valign="top"><p> </p></td></tr><tr><td style="width:194px;" valign="top"><p class="Default"><span><strong>Unit Information Security Lead</strong></span></p><p> </p></td><td style="width:392px;" valign="top"><ul><li class="Default"><span>Provides oversight and execution of information security responsibilities within the Unit.</span></li><li class="Default">Performs duties assigned by the Unit Head. </li><li class="Default">Is a member of either the SEC-AUTO or SECURITY-UPDATE listserv to assure the receipt of security update email communications as described in the <a href="https://it.ucsf.edu/how-to/standard-requirement-unit-information-security-leads-receive-it-security-update-emails">Standard Requirement for Unit Information Security Leads To Receive IT Security Update Emails.</a></li></ul><p> </p></td><td style="width:295px;" valign="top"><p class="Default"><span>The Unit Head assigns this role to Workforce Member(s) to carry out Unit responsibilities under these policies. The Unit Head can also perform this role.</span></p></td></tr></tbody></table><p><strong>Additional Information</strong></p><p><a href="https://security.ucop.edu/policies/quick-start-guides-by-role/service-provider.html">UCOP Quick Start Guide by Role</a></p><div><hr align="left" size="1" width="33%"><div id="ftn1"><p class="MsoFootnoteText"><a href="#_ftnref1" title><span class="MsoFootnoteReference">[1]</span></a><span>“These policies” refers to the </span><a href="https://policy.ucop.edu/doc/7000543/BFB-IS-3"><span><strong>University of California – Policy BFB-IS-3: Electronic Information Security</strong></span></a><span> and<strong> </strong></span><a href="https://policies.ucsf.edu/policy/650-16"><span><strong>University of California San Francisco – Policy 650-16: Information Security & Confidentiality</strong></span></a><span><strong>.</strong></span></p></div></div><p> </p></div> </div> <div class="row"> <div class="ownership-well"> <ul class="list-group"> <li class="list-group-item"> <strong class="field__label">Owning Team: </strong> <a href="/directory/team/it-security" hreflang="en">IT Security</a> </li> <li class="list-group-item"></li> </ul> </div> </div> <div class="row"> <div class="related-content"> <div class="row"> <div class="related-content-title"> <h2 class="title">Related Information</h2><div class="flare"></div> </div> <ul class="list-group"> <li class="list-group-item list-group-title"><a href="/standards-and-guidelines/ucsf-650-16-addendum-b-ucsf-minimum-security-standards-electronic-information" hreflang="en">UCSF 650-16 Addendum B - UCSF Minimum Security Standards for Electronic Information Resources</a></li> </ul> </div> <div class="views-element-container block block-views block-views-blockrelated-news-block-1"> <div><div class="view view-related-news view-id-related_news view-display-id-block_1 js-view-dom-id-72b7024a2ca1f8817a6b9ce02bc1a43bd1707e9319ddd3e283392d8658f1144a"> <div class="view-header"> <div class="related-content-title"><h2 class="title">Related News</h2><div class="flare"></div></div> </div> <div class="view-content"> <div> <ul class="list-group"> <li class="list-group-item list-group-title"><div class="views-field views-field-title"><span class="field-content"><a href="/news-events/news/follow-uc-and-ucsf-it-security-policies-protect-ucsfs-patients-research-learners" hreflang="en">Follow UC and UCSF IT Security Policies to Protect UCSF’s Patients, Research, Learners, and Employees</a></span></div><span class="views-field views-field-uid"><span class="field-content">Esther Silver</span></span>/<span class="views-field views-field-field-news-date"><span class="field-content">Tuesday, May 14, 2024</span></span></li> <li class="list-group-item list-group-title"><div class="views-field views-field-title"><span class="field-content"><a href="/news-events/news/follow-uc-policies-meet-regulatory-requirements" hreflang="en">Follow UC Policies to Meet Regulatory Requirements</a></span></div><span class="views-field views-field-uid"><span class="field-content">Esther Silver</span></span>/<span class="views-field views-field-field-news-date"><span class="field-content">Wednesday, May 17, 2023</span></span></li> </ul> </div> </div> </div> </div> </div> </div> </div> </main> <aside class="sidebar"> <div class="mobile-sidebar-controls"><div class="toggle-sidebar"></div><span>Section Menu</span></div> <div class="views-element-container block block-views block-views-blockhierarchical-sidebar-content--block-3"> <div><div class="view view-hierarchical-sidebar-content- view-id-hierarchical_sidebar_content_ view-display-id-block_3 js-view-dom-id-fcc217bf3487b823ca6938bc32921e9a703e495ab568a77f5ad3505dcc138fbc"> <div class="view-content"> <div><div class="views-field views-field-title sidebar-menu"><div class="field-content menu-heading">IT Security Outreach and Training</div></div> <div><ul class="sidebar-menu"><li><a class="depth-0" href="/how-to/information-security-everyones-responsibility">Information Security Is Everyone's Responsibility </a> </li><li><a class="depth-0" href="/how-to/it-security-awareness-stay-sharp-stay-safe">IT Security Awareness - Stay Sharp to Stay Safe</a> </li><li><a class="depth-0" href="/how-to/it-security-and-awareness-champion-program-overview">IT Security and Awareness Champion Program: Overview</a> </li><li><a class="depth-0" href="/how-to/view-it-security-awareness-videos">View IT Security Awareness Videos</a> </li><li><a class="depth-0" href="/how-to/request-it-security-awareness-posters">Request IT Security Awareness Posters</a> </li><li><a class="depth-0" href="/how-to/it-security-orientations-and-education">IT Security Orientations and Education</a> </li><li><a class="depth-0" href="/how-to/it-security-educational-meetings-and-webinars">IT Security Educational Meetings and Webinars</a> </li><li><a class="depth-0" href="/how-to/advanced-it-security-training-ucsf-learning-management-system">Advanced IT Security Training on the UCSF Learning Management System</a> </li></ul></div></div> </div> </div> </div> </div> </aside> </div> </div> </article> </div> </div> </div> </main> <footer class="global-footer" role="contentinfo"> <div class="container-lg"> <div class="flex-row"> <div class="col"> <figure class="logo"> <a href="/" aria-current="page" class="logo__link" title="Home" rel="home"> <picture class="logo__image"> <img src="/themes/custom/its_default/img/ucsf-it-logo-white.svg" alt="Home" class="logo__img"> </picture> </a> </figure> </div> <div class="col"> <div class="region-footer-col1"> <nav role="navigation" aria-labelledby="block-footercol1-menu" id="block-footercol1" class="block block-menu navigation menu--footer-col-1"> <h2 class="visually-hidden" id="block-footercol1-menu">Footer Col 1</h2> <ul class="menu"> <li class="menu-item"> <a href="/status">Status </a> </li> <li class="menu-item"> <a href="/services">Services </a> </li> <li class="menu-item"> <a href="/how-to">How To </a> </li> <li class="menu-item"> <a href="/news-events">News & Events </a> </li> </ul> </nav> </div> </div> <div class="col"> <div class="region-footer-col2"> <nav role="navigation" aria-labelledby="block-footercol2-menu" id="block-footercol2" class="block block-menu navigation menu--footer-col-2"> <h2 class="visually-hidden" id="block-footercol2-menu">Footer Col 2</h2> <ul class="menu"> <li class="menu-item"> <a href="/about-us">About </a> </li> <li class="menu-item"> <a href="/directory">IT Directory </a> </li> <li class="menu-item"> <a href="/standard-guideline">Standards & Guidelines </a> </li> </ul> </nav> </div> </div> <div class="col"> <div class="region-footer-col3"> <nav role="navigation" aria-labelledby="block-footercol3-menu" id="block-footercol3" class="block block-menu navigation menu--footer-col-3"> <h2 class="visually-hidden" id="block-footercol3-menu">Footer Col 3</h2> <li class="menu-item"> <a href="/form/servicenow" class="webform-dialog webform-dialog-wide" title="/form/servicenow">Report issue with this page</a> </li> <li class="menu-item"> <a href="https://help.ucsf.edu">Get Help</a> </li> <li class="menu-item"> <a href="https://recognize.ucsf.edu">Recognize IT Staff</a> </li> </nav> </div> <div class="modal-wrapper" data-sn-modal> <div role="dialog" aria-labelledby="modal-title" aria-modal="true" class="modal" style="z-index: 10;"> <div class="service-now-modal"> <button aria-label="close reveal" role="button" tabindex="0" class="close-modal"> <svg aria-hidden="true" focusable="false" data-prefix="far" data-icon="times" role="presentation" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 320 512" class="svg-inline--fa fa-times fa-w-10"> <path fill="currentColor" d="M207.6 256l107.72-107.72c6.23-6.23 6.23-16.34 0-22.58l-25.03-25.03c-6.23-6.23-16.34-6.23-22.58 0L160 208.4 52.28 100.68c-6.23-6.23-16.34-6.23-22.58 0L4.68 125.7c-6.23 6.23-6.23 16.34 0 22.58L112.4 256 4.68 363.72c-6.23 6.23-6.23 16.34 0 22.58l25.03 25.03c6.23 6.23 16.34 6.23 22.58 0L160 303.6l107.72 107.72c6.23 6.23 16.34 6.23 22.58 0l25.03-25.03c6.23-6.23 6.23-16.34 0-22.58L207.6 256z" class=""></path> </svg> </button> <h1 id="modal-title">Submit a Support Inquiry</h1> <p>For emergencies and high priority issues please call the IT Service Desk (415) 514-4100</p> <p class="validation-message"></p> <form> <div class="description-radios"> <div class="radio"> <input name="u_short_description" type="radio" id="one" value="The content on this page has an error…" checked> <label for="one">The content on this page has an error…</label> </div> <div class="radio"> <input name="u_short_description" type="radio" id="two" value="The page doesn’t work right…"> <label for="two">The page doesn’t work right…</label> </div> </div> <div class="description-custom" hidden> <label for="u_short_description">Short Description</label> <div> <input type="text" id="u_short_description" name="u_short_description" disabled required/> </div> </div> <label for="u_long_description">Please provide a detailed description of the issue:</label> <div> <textarea id="u_long_description" name="u_long_description" rows="5" cols="60" required></textarea> </div> <button class="btn btn-secondary" type="submit">Submit</button> </form> </div> </div> <div class="overlay"></div> </div> </div> <div class="col"> <div class="region-footer-social-links"> <nav> <ul class="social-links"> <li> <a href="https://www.facebook.com/ucsf"> <svg aria-hidden="true" focusable="false" data-prefix="fab" data-icon="facebook" role="presentation" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 512 512" class="svg-inline--fa fa-facebook fa-w-16"> <path fill="currentColor" d="M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z" class=""></path> </svg> <span class="hide-visually-offscreen">Facebook</span> </a> </li> <li> <a href="https://twitter.com/ucsf"> <svg aria-hidden="true" focusable="false" data-icon="twitter" role="presentation" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" class="svg-inline--fa fa-w-16"> <path fill="currentColor" d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8L200.7 275.5 26.8 48H172.4L272.9 180.9 389.2 48zM364.4 421.8h39.1L151.1 88h-42L364.4 421.8z"/> </svg> <span class="hide-visually-offscreen">Twitter</span> </a> </li> <li> <a href="https://www.youtube.com/ucsf"> <svg aria-hidden="true" focusable="false" data-prefix="fab" data-icon="youtube" role="presentation" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 576 512" class="svg-inline--fa fa-youtube fa-w-18"> <path fill="currentColor" d="M549.655 124.083c-6.281-23.65-24.787-42.276-48.284-48.597C458.781 64 288 64 288 64S117.22 64 74.629 75.486c-23.497 6.322-42.003 24.947-48.284 48.597-11.412 42.867-11.412 132.305-11.412 132.305s0 89.438 11.412 132.305c6.281 23.65 24.787 41.5 48.284 47.821C117.22 448 288 448 288 448s170.78 0 213.371-11.486c23.497-6.321 42.003-24.171 48.284-47.821 11.412-42.867 11.412-132.305 11.412-132.305s0-89.438-11.412-132.305zm-317.51 213.508V175.185l142.739 81.205-142.739 81.201z" class=""></path> </svg> <span class="hide-visually-offscreen">YouTube</span> </a> </li> <li> <a href="https://www.instagram.com/ucsf/"> <svg aria-hidden="true" focusable="false" data-prefix="fab" data-icon="instagram" role="presentation" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 448 512" class="svg-inline--fa fa-instagram fa-w-14"> <path fill="currentColor" d="M224.1 141c-63.6 0-114.9 51.3-114.9 114.9s51.3 114.9 114.9 114.9S339 319.5 339 255.9 287.7 141 224.1 141zm0 189.6c-41.1 0-74.7-33.5-74.7-74.7s33.5-74.7 74.7-74.7 74.7 33.5 74.7 74.7-33.6 74.7-74.7 74.7zm146.4-194.3c0 14.9-12 26.8-26.8 26.8-14.9 0-26.8-12-26.8-26.8s12-26.8 26.8-26.8 26.8 12 26.8 26.8zm76.1 27.2c-1.7-35.9-9.9-67.7-36.2-93.9-26.2-26.2-58-34.4-93.9-36.2-37-2.1-147.9-2.1-184.9 0-35.8 1.7-67.6 9.9-93.9 36.1s-34.4 58-36.2 93.9c-2.1 37-2.1 147.9 0 184.9 1.7 35.9 9.9 67.7 36.2 93.9s58 34.4 93.9 36.2c37 2.1 147.9 2.1 184.9 0 35.9-1.7 67.7-9.9 93.9-36.2 26.2-26.2 34.4-58 36.2-93.9 2.1-37 2.1-147.8 0-184.8zM398.8 388c-7.8 19.6-22.9 34.7-42.6 42.6-29.5 11.7-99.5 9-132.1 9s-102.7 2.6-132.1-9c-19.6-7.8-34.7-22.9-42.6-42.6-11.7-29.5-9-99.5-9-132.1s-2.6-102.7 9-132.1c7.8-19.6 22.9-34.7 42.6-42.6 29.5-11.7 99.5-9 132.1-9s102.7-2.6 132.1 9c19.6 7.8 34.7 22.9 42.6 42.6 11.7 29.5 9 99.5 9 132.1s2.7 102.7-9 132.1z" class=""></path> </svg> <span class="hide-visually-offscreen">Instagram</span> </a> </li> </ul> </nav> </div> </div> </div><hr><div class="flex-row"> <p>© 2024 The Regents of the University of California</p> </div> </div> </footer> </div> </div> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","pathPrefix":"","currentPath":"node\/10790","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en"},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"ajaxPageState":{"libraries":"eJxVj1EOAiEMRC-EcKRNFwrWFGpocV1PL9E16k87mZdMZkAVbaF2wWjSQ1T162CeXqY7qosMqntYQfGjK6pC-bImaTLpGFIfV2APwyRKvc6UAzTpFZge6DJDWaBJ-8S4LM1gQ5WK4Ud7vRVHpkvCDIPtxU4H_AOFZQU-qe1MrThF6PG8_JYIdsaZWKnRrOHnSKe7Gtb3rhvhpuF1fZU0GN2Ga56dw_F9ImApT4cdda8","theme":"its_default","theme_token":null},"ajaxTrustedUrl":[],"component":{"plugins":[]},"search_autocomplete":{"service_search":{"source":"\/callback\/nodes","selector":"#service-list-search","minChars":2,"maxSuggestions":10,"autoSubmit":true,"autoRedirect":false,"theme":"minimal","filters":["q","title"],"noResult":{"group":{"group_id":"no_results"},"label":"No results found for [search-phrase]. Click to perform full search.","value":"[search-phrase]","link":""},"moreResults":{"group":{"group_id":"more_results"},"label":"View all results for [search-phrase].","value":"[search-phrase]","link":""}}},"css_js_query_string":"snbtp1","webform":{"dialog":{"options":{"narrow":{"title":"Narrow","width":600},"normal":{"title":"Normal","width":800},"wide":{"title":"Wide","width":1000}},"entity_type":"node","entity_id":"10790"}},"user":{"uid":0,"permissionsHash":"f4bc137c3b0e0417208499cfcce574068aa7e6d23310565c0f8c756bdf849489"}}</script> <script src="/sites/it.ucsf.edu/files/js/js_VrRdbqTfEA4XKKuZkwgd1OFu9IGC8g79MSKEnM9KiIc.js?scope=footer&delta=0&language=en&theme=its_default&include=eJxVjutyAyEIhV-I6CPtsIqGDkpGMNvt09d2tp3kD7cDHwfNyDfuH5RcR0xmYZ8ia1b4kwyKdseDTBvFlzrYs4IRjnTfcLombY91RNHvtNTGnRtKWDhIOijmMR-rf10FO82pxR2NIAmanW91IzOsdAG6jgXkLwJ22zIVnOKxiu4oN_NTuNc36cfs7XILB-1lAeKVQ2YUrfBkOiz-xtA0T_l_3jUTFMG6Ydf-5-Ub1bZ1rw"></script> <script src="/themes/custom/its_default/js/main.js?snbtp1" type="module"></script> <script src="/sites/it.ucsf.edu/files/js/js_KrvVL5yuqzAxqzdfJlVarZSqLY8baXIiEOcFUw-MlEI.js?scope=footer&delta=2&language=en&theme=its_default&include=eJxVjutyAyEIhV-I6CPtsIqGDkpGMNvt09d2tp3kD7cDHwfNyDfuH5RcR0xmYZ8ia1b4kwyKdseDTBvFlzrYs4IRjnTfcLombY91RNHvtNTGnRtKWDhIOijmMR-rf10FO82pxR2NIAmanW91IzOsdAG6jgXkLwJ22zIVnOKxiu4oN_NTuNc36cfs7XILB-1lAeKVQ2YUrfBkOiz-xtA0T_l_3jUTFMG6Ydf-5-Ub1bZ1rw"></script> <script type="text/javascript"> /*<![CDATA[*/ (function() { var sz = document.createElement('script'); sz.type = 'text/javascript'; sz.async = true; sz.src = '//siteimproveanalytics.com/js/siteanalyze_8343.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(sz, s); })(); /*]]>*/ </script> </body> </html>