AIMS

Faculty

Regular Staff

Students

Temporary Staff

IT Compliance Unit(ITC)

IT Compliance Unit

The IT Compliance Unit (ITC) develops and executes information security risk management programs to reduce risks to the university and minimize exposure to threats. ITC also serves as a liaison between departmental units and external auditors to ensure compliance with university, state, and federal IT regulations.

The software review process is in place to ensure compliance with federal and state regulations, as well as university policies that protect students, faculty, and staff. Specifically:

•IT-Compliance reviews ensure that software meets security requirements and aligns with applicable federal and state laws, reducing potential risks related to cybersecurity and unauthorized data access.

•ADA reviews are required due to federal laws mandating accessibility, ensuring that all individuals, including those with disabilities, can use the software effectively.

•Data Privacy and FERPA reviews are necessary to safeguard students' personal information and ensure that software solutions align with university data protection standards.

What We Do

Third-Party risk assessment - Conduct product/vendor security assessment per USM IT Security Standards
Campus risk assessment - Conduct annual information security risk assessment for selected units
Physical security assessment - Assess how and where data is physically stored
GLBA risk assessment - Conduct annual GLBA risk assessment for selected systems

Audit Liaison - Support OLA, USM, PCI and CLA audits
Remediation & Mitigation - Facilitate remediation activities to address audit findings
Ethics, Integrity and Compliance Reporting - Support UMD Compliance Reporting System

IT Security Standards - Develop and maintain UMD IT Security Standards
IT Security Procedures - Assist departmental units developing and managing security procedures