The Vice President for Information Technology maintains information, status reports, and resources associated with the technological aspects of compliance with Georgia regulations, Board of Regents policy, and University policy.
Board of Regents Policy Compliance
- Board of Regents Policy Section 11
Section 11.0, Information Technology (IT), covers all aspects of the University System of Georgia (USG) information technology including general policy, IT project authorization, and information security.
- USG IT Handbook The USG publishes an IT handbook which defines the policies, procedures, and audit standards for all USG institutions. Compliance with these standards is subject to audit by the State, the USG, the institution, and the department.
- Section 1. Information Technology (IT) Governance Georgia Southern’s IT Governance structure draws broadly from six diverse advisory bodies and also includes the CIO’s participation on the President’s Cabinet.
- Section 2. Project and Service Administration The CIO maintains documentation on all services, programs, and projects to create new services; to expand, enhance, or improve existing services; to mitigate various risks; or to retire a service. IT Services maintains a service catalog which describes the services and service levels it provides to the University. In addition, service level agreements are established, where prudent, which define specialized services. To ensure alignment of IT services with the University community needs and business requirements, the CIO and his/her IT Directors monitor and periodically report on service level metrics. The CIO also oversees incident management and problem management and incorporates performance data into service assessments and continuous improvement activities. The CIO maintains and periodically reviews with the President’s Cabinet an IT Projects Portfolio which tracks both tactical and strategic initiatives. The CIO also develops and maintains Effectiveness Plans and Key Performance Initiatives which address institutional strategic priorities. Service levels are re-evaluated, at least annually, to ensure alignment of IT and business objectives and foster continuous improvement life-cycles. The CIO routinely compares IT service performance outcomes to peer and aspirational institutions. The CIO prepares an annual report which summarizes strategic accomplishments and IT Services effectiveness.
- Section 3. IT Management The CIO oversees information system user account management and the process by which an individual’s access and permissions within information systems are created, authorized, activated, periodically reviewed, and deactivated.
- Section 4. Financial and Human Resource Management The CIO is responsible for exercising fiscal management and controls over the procurement of technology and services and for the recruitment, development, and retention of human resources.
- Section 5. Information Security The CIO has broad responsibilities with respect to information security oversight including the development and maintenance of a comprehensive security program, the administration of an information security organization and administration, policy development and management, incident management, risk management, security awareness training and assessment, implementation of various security standards, and reporting and filing of compliance documents.
- Section 6. Risk Management The CIO is responsible for maintaining a Risk Management Program for identifying, controlling, and managing the impact of uncertain harmful events to the institution’s technology infrastructure and mission-critical processing, with consideration of the value of the protected IT assets, that balances the costs associated with risks and the costs of protective measures.
- Section 7. Facilities The CIO has responsibilities for developing and managing the physical environment around IT assets including defining the physical site requirements, selecting the appropriate facilities, and designing effective processes for monitoring environmental factors and managing physical access.
- Section 8.0: Bring Your Own Device (BYOD) Standard The CIO is responsible for upholding standards for the use of personally owned devices by employees for accessing USG and institutional data.
Last updated: 2/10/2015