Systems Assurance Services
Welcome to our Systems Assurance Services web pages!
Last Updated: Dec. 13, 2010 DDB
Priority SA services and initiatives!
IT Security Incident Management. Gerrit Bos, our new IT Security Officer, is the CIO's designate for reporting complaints or potential violations of the University's Acceptable Use Policy (AUP).
In Nov/2008, our former Manager of IT Security (Doug Blain) provided this update to the ITSIG group regarding our SA services: ITSIG-Nov.
Our local definition of systems assurance (SA) includes:
a holistic approach to systems analysis that includes risk management, compliance, auditability and security. SA activities include proactive identification of inadequate security considerations, deficient risk mitigation plans, or certification and auditability inadequacies (i.e. non-compliance). N.B. quality assurance (i.e. functionality meets the specified requirements) is explicitly not included in SA activity.
Working on behalf of the CIO, the Systems Assurance function has the following mandate:
* Provide assistance with enterprise risk management initiatives and assessments.
* Liaise with external and internal auditors with regard to information technology systems, controls, security and policies.
* Further ongoing compliance and auditability, and "raise the bar" regarding IT policy development and more formalized enterprise guidelines.
* IT security, including incident handling, AUP compliance, security consultation, and administration of a comprehensive security program.
* Provide SA services on behalf of the CIO's office, including vulnerability assessment and encryption.