Governance

Information Risk Governance Committee (IRGC)

The Information Risk Governance Committee (IRGC) provides the campus framework for institutional governance of information risk. Information risk includes, but is not limited to, the broad categories of:

  • Autonomy Privacy – ability of individuals to conduct activities without observation;
  • Information Privacy – appropriate protection, use, and dissemination of information about individuals; and
  • Information Security – protection of all information and information infrastructure;
  • Balancing Process – for the sometimes-conflicting interests of Autonomy Privacy and Information Security.

Three types of questions rise to the level of governance:

  • Balance between information security, privacy, transparency, accountability
  • Decision rights on accepting risk and setting institutional risk thresholds: reviewing and deciding on exception requests to information risk management policies. This authority may be delegated to the Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO). IRGC committee executive sponsors and co-chairs may escalate emergency and very high-impact decisions on exception requests to CARE.
  • Oversight of the Campus privacy and Campus information security programs to ensure adequate transparency on how personal information is protected, what data is collected about electronic activities of individuals, and how such data is used.

IRGC is charged by the Compliance, Accountability, Risk and Ethics (CARE) committee to make recommendations on campus information risk issues. These recommendations are campus policy that sets campus information risk tolerances. IGRC’s broad membership allows for evaluation of impact on recommended risk management policies, in respect to the full diversity of campus activities.

While IRGC will, of necessity, deal with topics that touch on technology, the primary focus of IRGC is information risk as viewed through decidedly non‐technical lenses, ranging from alignment with campus values to reviewing the cost‐benefit analysis of proposed policy. When technical depth is required, IRGC is supported and advised by the Campus Information Security and Privacy Committee (CISPC), a campus group of information technology practitioners.

View Full Committee Charter

Box Meeting Materials (committee member login required)

EXECUTIVE SPONSORS

Khira Griscavage, Associate Chancellor & Chief of Staff
Larry Conrad, Associate Vice Chancellor/Chief Information Officer

CHAIRS

NameTitle
Wanda Ellison Crockett,
Interim Campus Privacy Officer
Privacy, Office of Ethics, Risk and Compliance Services, Co-Chair
Jeremy Rosenberg
Chief Information Security Officer
Information Security and Policy, Co-Chair

CYBER-RISK RESPONSIBLE EXECUTIVE

NameTitle
Anthony Joseph,
Professor
Academic Senate (EECS) 

MEMBERSHIP

Committee membership is designed to be fully representative of the campus.
Members are expected to be knowledgeable about campus culture regarding privacy, freedom of inquiry, and institutional risk tolerance.
Each control unit executive must grant his or her IRGC appointees the authority to represent the views and priorities of their respective areas, and make information risk recommendations for the campus community.

MEMBERREPRESENTING
John Chuang,
Professor
Academic Senate (School of Information)
Ilian Herzi Hodges,
Undergraduate Student
Associated Students of the UC
Nancy McKinney,
Executive Director
University Relations
Gabe Gonzales,
Chief Technical Officer
Campus Information Security and Privacy Committee (CISPC) supporting workgroup (Law) (non-voting member)
Jo Mackness,
Interim Chief Human Resources Officer
Administration & Finance (Human Resources)
Deirdre Mulligan,
Associate Professor
Academic Senate (iSchool)
Rosemarie Rae,
Chief Financial Officer
Administration & Finance (CFO)
Jamie Jue,
Interim Director
Internal Audit (non-voting member)
David Robinson,
Interim Chief Campus Counsel
Legal Affairs
Pam Samuelson,
Professor
Academic Senate (Law)
Annalee Saxenian,
Dean and Professor
EVCP (iSchool)
Pat Schlesinger,
Assistant Vice Chancellor
Research Administration and Compliance
Mia Settles - Tidwell,
Asst. Vice-Chancellor/Chief of Staff
Equity & Inclusion
Andrew Sharo
Student
Graduate Assembly (Plant & Microbiology)
Walter Wong,
University Registrar
Student Affairs (Admissions & Enrollment)
Diana Wu,
Dean and Executive Director
EVCP (University Extension)