Friday, June 29, 2007

Revised Stewardship "Policy"

UCOP has released a new website (draft?) on the Management of Electronic Information Resources, which contains what they used to call stewardship requirements (and what we still call by that name). Excerpt:

The University of California is committed to high standards of excellence for management of its electronic information resources and therefore endorses information technology management practices that uphold principles of academic freedom, shared governance, open access, and privacy.

Consistent with the University Statement of Ethical Values and Standards of Ethical Conduct, all members of the University community are accountable for compliance with University policies and procedures for management of electronic information resources over which they have jurisdiction or control.

The website contains useful links to all sorts of policies/guidance appropriate to LBNL.


Thursday, June 28, 2007

Small update to 9.02

While looking at what guidance we had on electronic signatures, we discovered (IAS really) that the RPM seemed to assign a line responsibility to them to certify control sufficiency for applications which use electronic signatures. No one seems to be quite sure where this requirement came from, but it seems outside the scope of UC IAS to certify as to sufficiency. We revised 9.02(D)(10)(e)(ii) to reflect the assignment of this responsibility to the application owner (and by extension, their line management).

http://www.lbl.gov/Workplace/RPM/R9.02.html#RTFToC40

Saturday, June 23, 2007

Welcome to the IT Policy Blog

Well, this is just kind of an experiment. Given that we're in the middle of certification and accreditation seasons for the cyber security programs, this blog is unlikely to get very much attention at the moment. Nevertheless, here's a quick update on IT Policy issues at LBNL right now.

1. C&A for Cyber Systems
We're in the midst of the Certification and Accreditation of the Cyber Security Program at LBNL. This is a big exercise in which we triannually certify to DOE that everything is working correctly, and they, in turn, accept the unmitigated residual risks associated with the program. We just recently completed our peer readiness review, and soon we'll have an external consulting firm provide independent verification and validation of our security test and evaluation program.

2. 9.01 Updated.
After a few years with just minor updates, RPM 9.01 was updated to reflect new requirements and expectations, especially the notion of stewardship of IT assets, which is the foundational concept of the newly proposed UC Stewardship Policy. Coming up next, 9.02-9.05 get updated.

Test

Post