Delegation of administrative authority and responsibility¶
The following specific assignments of administrative authority and responsibility are hereby delegated to The New School Senior Vice President and Chief Information Officer to assist and act for the President.
The Senior Vice President and Chief Information Officer shall:
- Have responsibility for:
- development of practical and effective university policies, standards, guidelines, procedures, and best practices for information security and privacy;
- development and implementation of an information security and privacy awareness program to be offered periodically to all university faculty and staff;
- development of a risk assessment process to be used for identifying, analyzing, and mitigating risks to university information and systems;
- development of a response plan for information security incidents and personal information data breaches;
- implementation of practical and effective technologies and services to ensure the security of university information, networks, and computing infrastructure; and
- establishment of an information security and privacy function (the “Information Security and Privacy Office”), led by a dedicated full-time senior staff member, to develop, implement, and operate the New School Information Security and Privacy Program.
- Have authority to shut down any device or application or disable any account if it is believed to be involved in compromising the security of university information or systems or the privacy rights of individuals until such time as it is demonstrated that the device, application, or account no longer poses a threat. Devices and applications will not be shut down without consultation with relevant departmental or unit officials, unless a critical situation exists (e.g., active compromise, serious vulnerability, denial of service, worm or virus attack) and officials cannot be contacted quickly. The Chief Operating Officer, Provost, or Senior Vice President for Student Success, as appropriate, shall be notified promptly of any device(s) or application(s) shut down or account(s) disabled pursuant to this paragraph. The individual or department responsible for the device(s), applications(s), or account(s) in question may appeal the shut down or disablement to the Chief Operating Officer, Provost, or Senior Vice President for Student Success.
- Have authority to suspend application development or deployment efforts if a risk assessment determines that the impact of a particular threat is likely to compromise the security of university information or systems or the privacy rights of individuals with serious impact until a remedy is implemented to reduce or eliminate the impact of that threat.
In all instances, administration and approvals shall be in accordance with applicable laws and regulations and the policies of the university. Deviation from these policies will require advance written permission of the President.
|Jul 2016||D. Curry||
|Nov 2019||D. Curry||