Establishment of a Technology Security Program at VIMS

PPD-0350

There shall be established an Information Technology Security program at the Virginia Institute of Marine Science (VIMS) that resides within the Department of Information Technology and Networking Services (ITNS).  The program will follow industry best practices for Information Technology Security as recommended in the “Code of Practice for Information Security Controls” published by the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC 27002:2022), appropriately tailored to the specific circumstances of the Institute.  The program will also incorporate security requirements of applicable regulations, such as the Family Educational Rights and Privacy Act, Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act.  Professional organizations, such as the national EDUCAUSE association and the Virginia Alliance for Secure Computing and Networking, will serve as resources for additional effective security practices.

The VIMS CIO is designated the Information Security Officer (ISO) within VIMS ITNS.  The ISO is responsible for implementing the appropriate security controls cooperatively with the Director of ITNS and through the appropriate contacts within the Institute.  The ISO will review and revise materials on an annual basis, with revisions complete no later than July 1st of each year.

Recognizing that a significant portion of the Information Technology assets utilized by VIMS reside at William & Mary in Williamsburg, the VIMS ISO will serve as liaison to the W&M Information Technology Security Program and participate where appropriate.  Likewise, as members of the W&M community, all VIMS faculty, staff, and students are bound by W&M IT Security Policies and Procedures when at the W&M campus or when accessing W&M systems remotely.  The W&M IT Security program documents can be viewed online at https://www.wm.edu/offices/ce/policies/it-security/.