Compliance Auditing Policy
Applies to: | Original Policy Date: | Date of Last Review: | Approved by: |
---|---|---|---|
Florida Tech Campus | August 2024 | August 2024 | Dr. John Nicklow, President |
Policy Owner: Chief Information Officer (CIO)
Policy Purpose
This policy ensures compliance with the Information Security Program at Florida Institute of Technology (Florida Tech) through regular internal audit assessments. This policy aims to enhance operational efficiency, reduce risks, identify systemic issues, and ensure adherence to relevant laws and regulations, thereby safeguarding the university's data and IT resources.
Policy Scope
This policy applies to all departments, staff, faculty, and students at Florida Tech, including all university sites, modalities, and affiliates.
Policy Statement
Compliance with the Information Security Program is enforced by the Chief Information Officer (CIO) or their designees through annual internal audit assessments. These assessments are designed to ensure adherence to established policies and procedures, identify areas of non-compliance, and implement corrective actions as necessary.
Procedures/Guidelines
- Annual internal audit assessments will be conducted to evaluate compliance with the Information Security Program.
- The CIO or designated personnel will coordinate and oversee the audit process.
- Audit findings will be documented, and a report will be generated detailing areas of non-compliance and recommended corrective actions.
- Departments and individuals found to be non-compliant will be required to implement corrective actions within a specified timeframe.
- Follow-up audits may be conducted to ensure that corrective actions have been implemented and compliance has been achieved.
Definitions
- Compliance: Adherence to the policies, procedures, and standards set forth in the Information Security Program.
- Internal Audit: An independent assessment conducted to evaluate the effectiveness of the university's operations and their compliance with established policies and procedures.
Responsibilities
- CIO: Oversees the compliance auditing process, ensures audits are conducted annually, and approves the final audit report.
- Internal Audit Team: Conducts the audits, documents findings, and recommends corrective actions.
- Department Heads: Ensure compliance within their departments and implement corrective actions as required.
Enforcement
Non-compliance with this policy may result in disciplinary actions, including potential restrictions, suspensions, or revocations of user privileges. Repeated non-compliance may lead to further disciplinary measures as deemed appropriate by the university administration.