Contract Measures and C&A

Certification and Accreditation process is proceeding apace. The external auditors are completing their assessment and our documentation is nearly done.

It's also summer which means its contract performance measures time (PEMP-o-Rama). We'll be adding our own assurance section to the CIO blog as soon as these are finalized. Right now, it looks like we'll have a new leadership metric for communication to senior management about cyber security risks and threats, as well as "Section 8" cyber metrics and a new, albeit small, scorecard for IT successes at LBL.

On the policy front, UCOP issued a whole new set of requirements which are quite well conceived, especially the new IS-3. We'll be evaluating what, if anything, needs to be done to update our community-facing (RPM) or internal facing (CSPP) policies to reflect the new UC policies in the coming weeks.

As a final note, the word for the week is: Burdensomeness.

Revised Stewardship "Policy"

UCOP has released a new website (draft?) on the Management of Electronic Information Resources which contains what they used to call stewardship requirements and which we still do. Excerpt:

The University of California is committed to high standards of excellence for management of its electronic information resources and therefore endorses information technology management practices that uphold principles of academic freedom, shared governance, open access, and privacy.

Consistent with the University Statement of Ethical Values and Standards of Ethical Conduct, all members of the University community are accountable for compliance with University policies and procedures for management of electronic information resources over which they have jurisdiction or control.

The website contains useful links to all sorts of policies/guidance appropriate to LBNL >>