Services | UTIA Information Security Program

The Institute IT Security Program offers many services to Units, Departments, Centers, and individuals and are necessary for the normal day-to-day operations of the IT Security Program. By providing consulting and support through these services, the Institute’s Chief Information Security Officer (CISO) is able to help reduce risk to the Institute’s data and IT assets. Should you have questions about how these services can help you, please contact Sandy Lindsey.

HIPAA Compliance

The Institute’s CISO works with all covered entities and business associates to ensure compliance is maintained according to HIPAA (Health Insurance Portability and Accountability Act of 1996) regulations, providing data privacy and security protections for safeguarding medical information.

IT Security Assessment

The goal of a security assessment is to ensure that necessary security controls are integrated into the design and implementation of a project or service. The Institute’s CISO can provide a security assessment that includes documentation outlining any security gaps between the project and/or service, and approved security policies.

IT Security Awareness, Training, and Education

In addition to the required annual training, specialized training can be developed for departments or units upon request. Weekly e-newsletters are sent to all Institute employees with topics being relevant to current threats, situations, or events; policy reminders; tips; and guidelines. Specific topics may be requested for the “Ask Your CISO” section.

IT Security Risk Management

An in-depth vulnerability scan may be requested by a user as a part of the Institute’s IT Security Risk Management program. In addition, this program includes a formal exception process for IT security policies, plans, and procedures.

IT Security Solutions Design

The Institute’s CISO provides security solutions for requested projects or services based on the NIST standards; Institute policies, plans, and procedures; University policies; applicable laws; and the business needs of the user, e.g., recommendations concerning cloud storage for moderate data such as student records, human health records, or intellectual properties.

PCI Compliance

The Institute’s CISO validates the compliance of information transferred across the Institute’s networks based on PCI DSS (Payment Card Industry Data Security Standards) regulations by working with each merchant to ensure the proper security controls are in place. Annual on-site assessments by the CISO are conducted with each merchant to verify full PCI compliance.