.

VUIT Identity Operations

Appointment of Security Manager Form

Two designated security managers (primary and secondary) are required and approved by the Manager or Department Head.

• As the Information Security Manager (ISM) appointed for my department, I understand I have the following job responsibilities and agree to do my best to fulfill these duties.

• Maintain an understanding of Vanderbilt standards and policies regarding information security, confidentiality, and privacy and communicate these to individuals within my department.

• Assist the organization in identifying, classifying, and securing confidential and restricted information.

• Orient and train the faculty, staff, and trainees within my department on security awareness in general and security procedures that should be followed in direct relation to their job duties.

• Monitor compliance with information security policies and procedures, referring ongoing problems to the Information Privacy and Security Office.

• Monitor the process of granting system access to users within my department to ensure that appropriate information access levels and security clearances are maintained when transfers, changes in job functions, and terminations occur. This includes:

• Creating and maintaining a current process map for all employee types regarding the process for notification of changes to employee status.

• Creating and maintaining a list of active PAF responsible persons within the area served.

• Creating and maintaining a list of departmental systems operators/owners that need to be notified when an employee status changes. Refer to policy IM 10-30.19 Authorization and Access to Electronic Systems and Applications Section IV: Specfic Information, Item D: Modification of Access.

• Maintain flow of information to and from department systems operators/owners that need notification of changes to employee status.

• Identify potential exposures and risks to the confidentiality, integrity, and availability of information and make recommendations to my Department Head or the Information Privacy and Security Office (when appropriate) to mitigate the risks.

• Alert the Information Privacy and Security Office to changes in the patient-care, business, and computer systems environments in the organization that would have an impact on the information security program.

• Train another individual in the department to act as an ISM backup, in case of emergency or absence.

As the Token Manager (TM) appointed for my department, I understand I have the following job responsibilities and agree to do my best to fulfill these duties.

• Maintain an understanding of Vanderbilt standards and policies regarding information security, confidentiality, and privacy and communicate these to individuals within my department.

• Assist the organization in identifying, classifying, and securing confidential and restricted information.

• Monitor the process of granting SecurID tokens to users within my department and security clearances are maintained when transfers, changes in job functions, and terminations occur.

 

Name of Security Manager:                    

Name of Token Manager:                        

Vanderbilt University Medical Center (VUMC):           Vanderbilt University (VU):

VUNet ID:          RACF ID:

Email Address: Department Name: Phone:

 

Name of Secondary Security Manager:  

Name of Secondary Token Manager:      

Vanderbilt University Medical Center (VUMC):           Vanderbilt University (VU):

VUNet ID:        RACF ID:

Email Address:  Department Name:  Phone:    

 

 As the Manager/Department Head for my Organizational Unit I hereby certify that the above individual is certified to fulfill the job responsibilities as the Information Security manager and agree to hold them accountable to such duties.

 Name of Manager/Department Head:  Date:

Email address:

Please return the completed form by email to System Access Management:  systems.access@vanderbilt.edu    

Before the Security Manager or Token Manager can be appointed, Department Head or Manager should send a verification of approval email to the systems access mailbox:  systems.access@vanderbilt.edu

For questions contact the HelpDesk:  (615) 343-4357        

 

  

 

 

This page was last updated April 22, 2014 and is maintained by