====== Management Oversight of Privacy and Security Programs ======

==== University of Colorado IT Security Program Policy ====

All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. Within the policy it describes the management roles and responsibilities:

> The Program shall be managed and monitored collaboratively by the Chief Information Security Office (CISO), campus Information Security Officers, Security Advisory Committee (SAC), and other University representatives as appropriate.

==== University of Colorado Denver HIPPA Policy ====

As applicable, the most secure SEHD data are subject to the UCD HIPPA policy. As stated on the [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/WhatIsHIPAA.aspx|UCDenver HIPPA Website]]:

> Responsibility for HIPAA compliance is coordinated by the Office of Regulatory Compliance under the direction of the Associate Vice Chancellor for Regulatory Compliance, Dr. Alison D. Lakin, RN, LLB, LLM, PhD.


==== SEHD Secure Data Server ====

The SEHD Secure Data Server's security program is monitored collaboratively by the SEHD Data Governance Manager, a representative from the SEHD Assessment Office, and a representative from the SEHD IT Office.