Deadline for required cybersecurity training is Dec. 20 The Division of Information Technology encourages all faculty and staff to log in to Litmos and confirm the training has been completed prior to the deadline. Log in to Litmos

Infrastructure, Architecture, & Security Committee

The IASC stands as the cornerstone of the CSU System’s technological landscape, safeguarding and architecting the infrastructure that supports our academic and administrative functions. The committee oversees the alignment of IT services with our institutional mission, fostering a secure, efficient, and innovative environment for faculty, students, and staff.

Members

First NameLast NameTitleDepartment/UnitCommittee Role
LanceBaatzDirector of Enterprise Collaborative ServicesDivision of ITMember
MichaelBrakeAssociate Director of Technology & AssessmentCollaborative for Student AchievementMember
KelleyBransonSenior Director of Research ITResearch ITCo-Chair
HowardCampbellNetwork AdministratorDivision of ITMember
JamesCizekSenior Technology ArchitectDivision of ITMember
JimDillonIT Audit ManagerInternal AuditingMember
GreggGiffenhagenAssistant ProfessorCollege of Veterinary Medicine & Biomedical SciencesMember
AlexKhramovDirector of Cybersecurity ServicesDivision of ITCo-Chair
CandaceRamseySenior Director of Research ITResearch ITMember
ChrisWellerSenior Web Designer & Multimedia SpecialistDivision of ITMember
NateWilliamsNetwork & System Administration ManagerUniversity AdvancementMember
RichWrightDirectorResearch Compliance ServicesMember

Charter

Draft | January 31, 2025

Overview and Responsibilities

The Infrastructure, Architecture & Security Committee (IASC) provides the IT Governance framework with institutional governance of information security policies, IT risk management, and privacy-related procedures and security initiatives. The Infrastructure, Architecture & Security Committee (IASC) is charged with providing oversight and support of Colorado State CSU system information and technology infrastructure, architecture and security by:

  • Develop recommendations on IT Strategy
  • Develop and/or review and recommend technical architectures
  • Devise and/or review and recommend information and technology infrastructure standards.
  • Authoring privacy-related policies, procedures, and security initiatives
  • Recommending strategic direction on campus information security and data privacy-related work to ensure that it supports the CSU system mission.

The IASC works in close collaboration with the Office of CSU system Risk and Compliance.

The IASC oversees committees, existing or developed, that serve as inputs to its overall scope.

Deliverables

The IASC produces the following outputs, including, but not limited to:

  • Develop and/or recommend changes to the IT Architecture and information and technology infrastructure.
  • Develop, design, deliver and sourcing of IT service architecture and fulfillment strategies to be reviewed by the other IT Governance committees.
  • Conduct annual review of the IT Services portfolio provided to the CSU system and make any recommendation for changes (Additions, Modifications, removals) with appropriate accompanying business case.
  • Make proposals to develop, recommend or change IT standards.
  • Evaluate impact of changes or business cases will have on the IT architecture, information and technology infrastructure, or security.
  • Advise on system-wide strategic plans for data management including sourcing, distribution, maintenance, and quality of CSU system Institutional Data assets.
  • Advise on system-wide data management practices for decision making including data warehousing, business intelligence, master data management and metadata management.
  • Recommend plans and methods for assessing data management value and risk.
  • Assist in enhancing Institutional Data with consistent definitions and classifications according to data management standards and guidelines.
  • For campus information security and privacy programs review to make sure adequate transparency on how personal information is protected, what data is collected of individuals and how such data is used.
  • For proposed security and privacy standards share and get feedback from information resource managers across the CSU system, and update prior to publication of proposed standards. All policy recommendations/alterations/suggestions must be coordinated appropriately with the Policy Office and policy owner.
  • Approve privacy and information security policies and standards. Evaluate the risks as well as costs and benefits of mitigation, considering workload impact across campus.
  • For issues that do not conform to CSU system information security and privacy practices, e.g., vendor terms and conditions, contracts and services incompatible with information resource policy; coordinate with the CISO and either escalate and/or approve.
  • Work with the CISO and CSU system risk Management to assist in prioritization of resources and the appropriate campus response to address information risk situations.
  • Determine service improvement outcomes to increase the awareness and effectiveness of information risk, policy, and security topics across the CSU system.

Please note: All policy recommendations/alterations/suggestions must be coordinated appropriately with the Policy Office and policy owner.

Membership

The IASC votes and makes decisions within the above charge and scope. The IASC receives the following inputs, including, but not limited to:

  • Recommendations and decisions that are out of scope for the following committees:
    • IT Strategy Council (ITSC)
    • Demand Management Committees
      • Instruction + Student Success
      • Research
      • Administrative Systems
    • Recommendations for the development of policy, procedure, or security actions from the following bodies:
      • Demand Management Committees
        • Instruction + Student Success
        • Research
        • Administrative Systems
      • Safety & Risk Services – Risk Management and Insurance
    • Any recognized ITG input body.
    • Analysis activities and recommendations requested by any ITG committee.

The Vice President for IT and Chief Information Officer (CIO) acts with signature authority on all policy and control documents within the information resources domain prior to finalization with the Colorado State CSU system Compliance Program.

The Chief Information Security Officer (CISO) acts as the final approving agent for exception requests reviewed by the IASC. Exceptions will be documented in a consistent format and stored in a secure document repository.

Members:

  • Co-Chairs from IT and Campus Representatives
  • Data Governance
  • ITSM Core Planning Teams
  • Safety & Risk Services –Risk Management and Insurance
  • College IT Administrators Council (CITAC) representation
  • Representative from VP of Research
  • Division of IT leadership
    • Enterprise Applications and Infrastructure, Head of
    • Cybersecurity & Privacy, Head of
    • Strategy & Planning, Head of
    • Experience & Collaboration, Head of

Committee membership is determined by organizational role as primary or delegated Business or IT decision maker (within campus, institute, or system), role as primary or delegated Institutional Research decision maker, or role of Community of Practice Chairperson.

Membership is based on the capacity to effectively represent constituency interests in the system-wide IT decision making process.

The Committee is expected to seek guidance as necessary to fulfill its mission. Such guidance may include, but is not limited to, the creation of advisory councils and inclusion of additional internal or external experts.

Meetings

The Committee is to meet as often as necessary to fulfill its responsibilities, as determined by the Committee Chairperson(s). It is to make information on participation, agenda, and minutes available to its constituencies and other members of the system-wide IT Governance community upon request.

Meeting Frequency: Monthly meetings

Time Commitment: 2 to 3 hours prep and 1 hour for meeting.

Meeting Structure: The Co-Chairs will arrange the agenda, minutes and any relevant documentation and release them 1 week before the meeting.

Reporting: The Co-Chairs along with IT department Governance group

Documentation of Proceedings: Minutes and business case updates

Research and Supplemental Input Mechanisms: Should the committee require further analysis of an item it may create a sub-committee to address this

Items as inputs, in preparation for the meeting:

  • Graphical representation of IT Infrastructure. High Level Systems list sitting on the information and technology
  • List of Applications, use and in what areas.
  • Status of services – any important issues in service
  • CSU system, Demand Area and IT Strategies
  • Appropriate Policy and Reg docs – if any.
  • Projects in pipeline – active, planned, desired.
  • Minutes & Actions from previous meeting
  • Agenda

Items as outputs for sharing with other committees and stakeholders:

  • Immediate issues from a service perspective
  • Recommended projects with Business cases for consideration
  • List of potential projects that are in the works but haven’t had Business cases fully developed.