Committees


Committees are a vital part of IT Security at the Institute. The UTIA Chief Information Security Officer trusts the advice​ and guidance of representatives from each of the Institute’s units to implement a fully functioning Information Technology (IT) Security Program, and information is shared with Directors, Department Heads, and the UTIA Executive Committee before the Institute’s IT Security Standards​ and Procedures are approved. Working in this way ensures that the security program is transparent and reviewed as a community.

The University of Tennessee Institute of Agriculture (UTIA or Institute) Change Advisory Team (CAT) is created to support the Institute’s Configuration Management Plan and the Change Control Procedures.

The Chair is Sandy Lindsey, UTIA CISO, and is a non-voting member. The voting membership of the CAT is comprised of five members representing the following units:

  1. College of Veterinary Medicine
  2. UT Extension​
  3. Herbert College of Agriculture
  4. Departments
  5. AgResearch​

Current membership is as follows:

  1. Charles Lambrecht, IT Team Leader, College of Veterinary Medicine
  2. TBD, Extension​
  3. John Stier, Associate Dean, Herbert College of Agriculture
  4. TBD, Departments
  5. Mark Young, Information Technology Coordinator, AgResearch​

When a requested change affects a specific business unit, representation from that unit will be requested to appear at the CAT session with the change owner. This is often necessary to validate the impact. Others are invited to attend the CAT meeting as necessary or where there may be other interested parties.

The purpose of the CAT is to:

  • Review the Request for Change (RFC), as submitted by the change owner.
  • Review all documentation for completeness, evaluate the change request dates for conflicts with other scheduled Institute events or changes, and review the requests for compliance with the new change control procedures.
  • Meet with change owner to discuss risks, as well as all testing and implementation plans.
  • Approve/reject all changes to the Institute’s Information Technology (IT) production environment based on established technical standards.
  • Document configuration change decisions.
  • Ensure​ that all affected parties are aware of the change and its potential impact(s).​
  • Ensure that the stability and reliability of IT production systems is maintained.
  • Validate that only authorized changes go into production.
  • Retain records of change.

RFCs will be scheduled for review at a specified CAT meeting where all five CAT members are in attendance. If an appointed CAT member cannot attend the specified meeting, they must find a suitable and informed replacement. For an RFC to be approved, it must be a majority decision. An RFC will be rejected if there is reason to postpone the vote until any necessary edits to the RFC have been made.

​Voting membership of the CAT will be reviewed every year and membership may be changed, if necessary, according to the CAT Charter schedule. The UTIA CISO is responsible for maintaining membership and will be available for advice, as well as for resolving concerns and disputes.

The University of Tennessee Institute of Agriculture (UTIA or Institute) Security Advisory Committee (SAC) is created to establish and maintain the vision and plan for Institute’s Information Technology (IT) Security Program. In addition, the SAC evaluates security issues that affect the Institute and develops responses that meet the Institute’s operational needs and business objectives.

The Institute’s Chief Information Security Officer (UTIA CISO) shall chair the SAC. The membership includes these representatives from the following areas:

  1. Sandy Lindsey, Chief Information Security Officer, UTIA (Chair)
  2. Charles Lambrecht, IT Team Leader, College of Veterinary Medicine
  3. TBD, Herbert College of Agriculture
  4. Shawn Towater, Extension Area Specialist, Information Technology, Western Region, Extension
  5. Katie Whitehouse, Information Specialist I, Marketing & Communications, Department
  6. Mark Young, IT Specialist III, Information Technology Services, AgResearch

​Other members of the Institute IT community may be included in the meetings as appropriate for discussion of specific issues.

The objectives of the SAC are to:

  • Discuss and review Institute IT security standards, procedures, and best practices written by the UTIA CISO using:
    • The Center for Internet Security (CIS) framework;
    • Applicable laws of the State of Tennessee; and
    • The IT policies of the University of Tennessee.
  • Discuss IT security standard drafts with leadership of the units or areas each member is representing.
  • Recommend IT security standards for review by the Institute’s Executive Committee and approval by the Senior Vice Chancellor & Senior Vice President; UTIA CIO; and UTIA CISO.
  • Advise the UTIA CISO in resolving concerns and disputes.
  • Encourage compliance with Institute-wide standards and processes to improve information security.
  • Engage the Institute community in open discussion of privacy and security concerns for purposes of general education.

Voting membership of the SAC will be reviewed every year and membership may be changed, if necessary, according to the SAC Charter. The UTIA CISO is responsible for maintaining membership and will be available for advice, as well as for resolving concerns and disputes.​

The University of Tennessee Institute of Agriculture (UTIA or Institute) Technical Standards Committee (TSC) was formed to establish a baseline of technologies used by the Institute. In addition, the TSC maintains a technical standards model (TSM) used in the provision of IT solutions to meet the business needs of the Institute.

The membership includes subject matter experts from the following areas:

  1. Security Standards
  2. University and Institute Business Processes
  3. IT Support Processes
  4. Infrastructure Architecture Standards
  5. Data Architecture Standards
  6. Application Architecture Standards

The Chair is Sandy Lindsey, UTIA CISO. Other members of the Institute’s IT community will be included in the meetings, as appropriate for discussion of specific issues.

The objectives of the TSC are to:

  1. Develop a baseline of technology standards, to include:
    • Hardware
    • Software
    • Applications
    • Third party services, and
    • Security tools;
  2. Maintain support documentation for the baseline standards;
  3. Evaluate new technologies using the TSM; and
  4. Determine necessary changes to the existing baseline

In addition, the TSC will evaluate requests by those who have needs that do not adhere to the existing baseline.