Service Provider
If you’re part of a UC group or organization providing specific IT services to a Unit, you’re considered a Service Provider. Service Providers are Units that offer IT help to other Units. Much of your role involves partnering closely with the Unit you are assisting to ensure strong information security practices. Your checklist includes the following steps:
- Understand responsibilities. Service Providers must make sure they are clear and unambiguous in terms of accepting security responsibilities. Make sure the Unit served and the Service Provider have a solid understanding of who’s doing what.
- Ensure compliance. The IT services you’re delivering must comply with UC’s Information Security Policy.
- Partner with the Unit. Work together to complete Risk Assessments, implement security measures and respond to potential or confirmed security incidents. Make certain the Unit Head understands risks.
- Report security incidents. Report any security incident, non-compliance issues or cybersecurity concerns to the Chief Information Security Officer (CISO) and the Unit Heads you serve.
- Ask questions. Better safe than sorry: When you’re unsure of the best way to protect Institutional Information or IT Resources, ask your Unit Information Security Lead, Unit Head, or CISO.
- Speak up. As a service provider, you are an expert in delivering compliant services to Units at your Location or other Locations. You must clearly communicate to Unit Heads if your service offering does not comply with IS-3 or relies on the Unit to meet certain provisions.