IT Risk, Policy, and Compliance

The IT Risk, Policy, and Compliance group is a division of the Office of Information Technology (OIT) that provides leadership in the development, delivery, and maintenance of programs and services in support of the strategic priorities for Rutgers IT. These programs and services include IT policy development, risk management (risk assessment, mitigation, and monitoring), compliance program strategy (PCI, GLBA, HIPAA, etc.), and security awareness and training services.

IT policy development

Rutgers is committed to establishing and maintaining a safe, secure computing environment that supports its missions of teaching, learning, and service to the state. To that end, the university has set policies to ensure the integrity of its infrastructure, the security of its data, and the efficient and ethical use of its resources.

Risk management program

Rutgers’ risk management program consists of the identification, assessment, and prioritization of risks, followed by a coordinated and efficient application of resources to minimize, monitor, or control the likelihood of adverse events. It allows senior managers to balance the operational and economic costs of protective measures against gains in overall mission capability by protecting the IT systems and data that support the institution’s missions. Rutgers’ risk management program encompasses three processes: risk assessment, risk mitigation, and monitoring (evaluation).

Information security training and awareness program

The information security training and awareness program provides educational offerings to help university members stay up to date with regulatory training requirements (e.g., PCI-DSS, GLBA, HIPAA), and also includes helpful tips and information for staying safe online. These offerings heighten awareness of cyber threats and vulnerabilities while highlighting security best practices for safeguarding the university’s information and information assets, so as to maintain the confidentiality, integrity, and availability of university-owned data.

Compliance program

Rutgers, as a dedicated teaching, research, and clinical care institution, is required to comply with various regulations, such as the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI-DSS), and others. The IT Risk, Policy, and Compliance group serves as a central liaison between technical and business stakeholders, other internal partners, and auditors in improving, ensuring, and monitoring institutional IT compliance.