What is ITPAC?
 | Indiana University has a multitude of IT security policies that have been enacted to protect IU's IT assets. These policies and procedures must be adhered to in order to successfully pass a review from an auditing group (e.g. IU Internal Audit Dept.). This can be quite problematic because each IT policy can be difficult to decipher and know if they are pertinent to your unit. |
The College IT Policy Alignment Consultation (ITPAC) is a service provided through UITS/College Information Security & Policy Office to ensure that your business unit's IT services are aligned with IU IT security policies. This confidential service is accomplished through sit down indepth discussions with your IT staff regarding your existing IT procedures and workflow.
Why the College Information Security & Policy Office?
The College IT operations groups have been providing IT services to the College community at large for over twenty years. For the protection of our clients, the College IT operations groups must deliver safe and secure services that are deliberately in lock step with IU policy.
The combination of experience and professional industry certified staff puts the College Information Security & Policy Office in a unique position to offer help and well equipped to recommend remediation steps to other IU units on how to achieve better policy aliqnment.
Our Approach
CISPO staff will meet with your unit's IT staff to discuss their current policies, procedures, and services. A number of questions will be asked over the course of a day that cover the areas of physical security, logical security, data loss, disaster recovery, systems and services management, and documentation. Each area of questions directly relates to IU IT Polices and security practices which generally align with material that are likely to be asked during o typical security review or audit.
When complete, CISPO will provide a confidential assessment report that outlines the level of alignment across the multiple IU IT policies. This documentation will provide a clear set of objectives and services that can be deployed to allow your unit to remediate quickly with the greatest impact.
How can this help?
Internal Knowledge
The CISPO possesses extensive experience with the services offered by UITS and the College. This expertise enables us to propose diverse solutions for your alignment issues.
Outside Perspective
Obtaining an independent external perspective on your IT operations can yield significant benefits. The consultation will offer your department a fresh outlook on existing IT procedures and provide an opportunity to tap into CISPO's extensive experience.
Confidential Process
The primary objective of CISPO is to support other IU departments in gaining a better understanding of their compliance with IU IT Policies. Our process is entirely confidential, and information shared with us remains private. We strive to foster trust and confidence in this process.
Focused Remediation
Upon completing the IT Policy Alignment Consultation, your unit’s IT staff will gain precise insights into areas requiring alignment with IU policies. This process enables them to understand the broader context and how policy alignment issues interrelate.
Documentation
Documentation serves as evidence that your procedures are well-established and robust. If your documentation is lacking or nonexistent, CISPO can provide your team with a helpful starting point by tailoring documentation to align with your unit’s procedures.
