Committees


Committees are a vital part of IT Security at the Institute. The Institute’s Chief Information Security Officer trusts the advice​ and guidance of representatives from each of the Institute’s units to implement a fully functioning IT security program, and information is shared with the Department Heads and the Executive Committee before policies​ and procedures are approved. Working in this way ensures that the security program is transparent and reviewed as a community.

The change Advisory Team (CAT) is created to support the Institute’s Configuration Management Policy and the Change Control Procedures.

The Chair is Sandy Lindsey, the Institute’s CISO, and is a non-voting member. The voting membership of the CAT is comprised of five members representing the following units:

  1. College of Veterinary Medicine
  2. UT Extension​
  3. Herbert College of Agriculture
  4. Departments
  5. AgResearch​

Current membership is as follows:

  1. Charles Lambrecht, IT Team Leader, College of Veterinary Medicine
  2. Justin Stefanski, Extension Area Specialist – Central Region, Extension​
  3. John Stier, Associate Dean, Herbert College of Agriculture
  4. Michele Wilson, Animal Science IT Specialist, Departments
  5. Mark Young, Information Technology Coordinator, AgResearch​

When a requested change affects a specific business unit, representation from that unit will be requested to appear at the CAT session with the change owner. This is often necessary to validate the impact. Others are invited to attend the CAT meeting as necessary or where there may be other interested parties.

The purpose of the CAT is to:

  • Review the Request for Change (RFC), as submitted by the change owner.
  • Review all documentation for completeness, evaluate the change request dates for conflicts with other scheduled Institute events or changes, and review the requests for compliance with the new change control procedures.
  • Meet with change owner to discuss risks, as well as all testing and implementation plans.
  • Approve/reject all changes to the Institute’s Information Technology (IT) production environment based on established technical standards.
  • Document configuration change decisions.
  • Ensure​ that all affected parties are aware of the change and its potential impact(s).​
  • Ensure that the stability and reliability of IT production systems is maintained.
  • Validate that only authorized changes go into production.
  • Retain records of change.

RFCs will be scheduled for review at a specified CAT meeting where all five CAT members are in attendance. If an appointed CAT member cannot attend the specified meeting, they must find a suitable and informed replacement. For an RFC to be approved, it must be a majority decision. An RFC will be rejected if there is reason to postpone the vote until any necessary edits to the RFC have been made.

​Voting membership of the CAT will be reviewed every year and membership may be changed, if necessary, according to the CAT Charter schedule. The CISO is responsible for maintaining membership and will be available for advice, as well as for resolving concerns and disputes.

The Institute of Agriculture (Institute) Security Advisory Committee (SAC) is created to establish and maintain the vision and plan for information technology (IT) security for the Institute. In addition, the SAC evaluates security issues that affect the Institute and develops responses that meet the Institute’s operational needs and business objectives.

The Institute’s Chief Information Security Officer (CISO) shall chair the SAC. The membership includes representatives from the following areas:

  1. Sandy Lindsey, Chief Information Security Officer, UTIA (Chair)
  2. Daniel Hinton, IT Specialist III, Information Technology Services, Extension​
  3. Charles Lambrecht, IT Team Leader, College of Veterinary Medicine
  4. Brent Lamons, Director of Advising, Herbert College of Agriculture
  5. Shawn Towater, Extension Area Specialist, Information Technology, Western Region, Extension
  6. Katie Whitehouse, Information Specialist I, Marketing & Communications, Department
  7. Mark Young, IT Specialist III, Information Technology Services, AgResearch

​Other members of the Institute IT community may be included in the meetings as appropriate for discussion of specific issues.

The objectives of the SAC are to:

  • Discuss and review Institute IT security plans, policies, procedures, best practices, and standards using:
    • The National Institute of Standards (NIST) framework,
    • Applicable laws of the State of Tennessee, and
    • The IT policies of the University of Tennessee.
  • Discuss IT security policy drafts with leadership of the units or areas each member is representing.
  • Recommend IT security policies for review by the Institute Executive Committee and approval by the Senior Vice President & Senior Vice Chancellor, CIO, and CISO.
  • Advise the CISO in resolving concerns and disputes.
  • Encourage implementation of Institute-wide standards and processes to improve information security.
  • Engage the Institute community in open discussion of privacy and security concerns for purposes of general education.

Voting membership of the SAC will be reviewed every year and membership may be changed, if necessary, according to the SAC Charter schedule. The CISO is responsible for maintaining membership and will be available for advice, as well as for resolving concerns and disputes.​

The University of Tennessee Institute of Agriculture (Institute) Technical Standards Committee (TSC) was formed to establish a baseline of technologies used by the Institute. In addition, the TSC maintains a technical standards model (TSM) used in the provision of IT solutions to meet the business needs of the Institute.

The membership includes subject matter experts from the following areas:

  1. Security Standards
  2. University and Institute Business Processes
  3. IT Support Processes
  4. Infrastructure Architecture Standards
  5. Data Architecture Standards
  6. Application Architecture Standards

The Chair is Sandy Lindsey, the Institute’s CISO. Other members of the Institute IT community will be included in the meetings, as appropriate for discussion of specific issues.

The objectives of the TSC are to:

  1. Develop a baseline of technology standards, to include:
    • Hardware
    • Software
    • Applications
    • Third party services, and
    • Security tools;
  2. Maintain support documentation for the baseline standards;
  3. Evaluate new technologies using the TSM; and
  4. Determine necessary changes to the existing baseline

In addition, the TSC will evaluate requests by those who have needs that do not adhere to the existing baseline.