Implementation
To be effective, the IUP Information Assurance Policy must be enforced for all systems connected to the university network. This enforcement must be an on-going effort applied to both new and existing systems. Information Assurance is a dynamic and demanding field. Information Technology Management at IUP (as outlined in Section 1 of this policy) will limit System Administrator responsibilities to approved personnel.
Reports
Each System Administrator will submit a report to the Information Systems Security Officer in May and December of each year documenting compliance with all items defined in Section 2 of this policy. On-going documentation is a requirement of the documentation defined in Section 2. As such, the Information Systems Security Officer will have “on demand” access to all required documentation maintained by System Administrators in the event of an incident or audit.
Reviews
Under the direction of the Information Systems Security Officer, the IUP Information Assurance Policy will be reviewed annually between October and December.
