Governance

The Cyber Security Programs are governed and guided through a formal multi-tiered structure, through the use of various committees. These committees function within their charters and are chaired by the appropriate Executive Manager:

Cyber Risk Management Group

The BSD Cyber Risk Management Group (RMG) evaluates cyber risks posed by information systems, including business practices, and determines whether the risk-benefit calculus is within the organization’s risk appetite and tolerance levels.

Privacy and Security Steering Committee

TBD

University of Chicago Audit Committee

The University of Chicago Audit Committee has the primary responsibility for establishing and maintaining a sufficient system of internal controls. Internal Audit will evaluate internal controls of the BSD adequacy, operating environment, and related accounting, financial and operational policies, and report the results accordingly.

University of Chicago Medical Center Audit Committee

TBD

Committee Charters

Committee Name Committee Charter
Cyber Risk Management Group BSD-Cyber-Risk-Management-Group-Charter
Privacy and Security Steering Committee Privacy and Security Steering Committee Charter
University of Chicago Audit Committee University of Chicago Audit Committee Charter
University of Chicago Medical Center Audit Committee University of Chicago Medical Center Audit Committee Charter