The purpose of Security Compliance Management services is to help the University of Louisville community understand, implement, and maintain compliance with institutional, state, and federal information security policies and regulations. These services ensure that university data, systems, and operations are protected and that all departments and individuals meet required standards for confidentiality, integrity, and availability.
Overview of Service
Security compliance management is coordinated by ITS Enterprise Security. The team provides guidance, resources, and oversight for compliance with university policies, regulatory frameworks (such as HIPAA, FERPA, PCI, GLBA, Export Controls, and KRS 61.931-934), and best practices. Services include policy education, compliance reporting, risk assessments, and support for audits and exception requests.
Key Features:
- Access to the university’s Information Security Policies and Procedures library
- Guidance on compliance requirements for departments and individuals
- Support for reporting misconduct, non-compliance, or security incidents
- Risk assessments and compliance reviews for systems and processes
- Coordination with the University Integrity and Compliance Office
- Anonymous and non-anonymous reporting channels for suspected violations
Benefits:
- Reduced risk of data breaches and regulatory penalties
- Improved awareness and adherence to security policies
- Streamlined compliance processes for audits and assessments
- Enhanced protection of university data and systems
- Support for a culture of accountability and security
Intended Audience:
Faculty, staff, students, departmental administrators and technology professionals responsible for handling university data and systems.
Service Details
-
Core Activities:
- Provide access to and education about security policies and standards
- Conduct risk assessments and compliance reviews
- Support for compliance reporting and audit preparation
- Assist with exception requests and policy clarifications
- Facilitate anonymous and non-anonymous reporting of misconduct or non-compliance
- Respond to compliance-related inquiries and incidents
-
Associated Platforms:
Information Security Policies and Procedures library, Compliance Hotline, ITS Helpdesk, online reporting forms
-
Performance Metrics:
- Number of compliance reviews and risk assessments completed
- Timeliness of response to compliance inquiries and reports
- User satisfaction and feedback
- Reduction in compliance violations and incidents
-
Collaboration:
Managed by ITS Enterprise Security in partnership with the University Integrity and Compliance Office and departmental leadership.
Boundaries and Constraints
- Compliance requirements are determined by university policy and applicable laws/regulations.
- Exception requests require formal review and approval.
- Anonymous reporting is available via the Compliance Hotline and online forms.
- Non-compliance may result in disciplinary action or regulatory penalties.