Information Risk Governance Committee (IRGC)

Meeting Schedule, Agendas & Notes

Governance committee meeting schedules, agendas, and notes are available on the IT Governance calendar.

ITSC Calendar Button

Charge

The Information Risk Governance Committee (IRGC) provides the campus framework for institutional governance of information risk. Information risk includes, but is not limited to, the following broad categories:

  • Autonomy Privacy – The ability of individuals to conduct activities without observation.

  • Information Privacy – Appropriate protection, use, and dissemination of information about individuals.

  • Information Security – Protection of all information and information infrastructure.

  • Balancing Process – This is in place for the sometimes conflicting interests of Autonomy Privacy and Information Security.

IRGC is charged by the Compliance, Accountability, Risk, and Ethics (CARE) committee to make recommendations on campus information risk issues. These recommendations are campus policy that sets campus information risk tolerances. IRGC’s broad membership allows for the evaluation of the impact on recommended risk management policies, with respect to the full diversity of campus activities.

While IRGC will, out of necessity, deal with topics that touch on technology, the primary focus of IRGC is information risk as viewed through decidedly non‐technical lenses, ranging from alignment with campus values to reviewing the cost‐benefit analysis of any proposed policy. When technical depth or privacy balancing is required, IRGC is supported and advised by the Campus Information Security and Privacy Committee.

Scope

Three types of questions rise to the level of governance:

  • A balance between information security, privacy, transparency, and accountability.

  • Decision rights on accepting risk and setting institutional risk thresholds: reviewing and deciding on exception requests to information risk management policies. This authority may be delegated to the Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO). IRGC committee executive sponsors and co-chairs may escalate emergency and very high-impact decisions on exception requests to CARE.

  • Oversight of the campus privacy and campus information security programs to ensure adequate transparency on how personal information is protected, what data is collected about the digital activities of individuals, and how such data is used.

IRGC Membership

Committee membership is designed to be fully representative of the campus. Members are expected to be knowledgeable about campus culture regarding privacy, freedom of inquiry, and institutional risk tolerance. Each control unit executive must grant his or her IRGC appointees the authority to represent the views and priorities of their respective areas, and make information risk recommendations for the campus community.

Executive Sponsors

  • Khira Griscavage, Associate Chancellor, Chief of Staff to the Chancellor; Chief Ethics, Risk, and Compliance Officer (CERCO) & Locally Designated Official (LDO)
  • Tracy Shinn, Associate Vice Chancellor for IT and Chief Information Officer

Co-Chairs

  • Allison Henry, Chief Information Security Officer
  • Lisa Ho, Campus Privacy Officer, Office of Ethics, Risk and Compliance Services

Cyber-Risk Responsible Executive

  • Anthony Joseph, Chancellor's Professor, Electrical Engineering and Computer Sciences

CISPC Representative

  • Ken Geis, Director, Information Services, Research Administration and Compliance

 Voting Members

Representing

Name & Title

Academic Senate

Greg Niemeyer - Professor of Media Innovation, Department of Art Practice

Academic Senate - Computing and Information Technology (CIT) 

John Kubiatowicz - Professor, Computer Science

Associated Students of the University of California (ASUC)

TBD - Undergraduate Student Representative

Athletics

Ryan Cobb - Associate Director of Athletics, Performance, Health & Welfare; Head Athletic Trainer

Controller's Immediate Office

Michael Riley - Controller & Assistant Vice Chancellor

Division of Equity & Inclusion

Fabrizio Mejia - Acting Vice Chancellor for Equity & Inclusion

Facilities Services

Carolyn Knight - IT Director, Facilities Services

Graduate Assembly

Shneur Gansburg - Graduate Assembly Representative

Graduate Division

Catherine Madsen - Business Systems Analyst

Library

Carolyn Caizzi - Associate University Librarian for Digital Initiatives and Information Technology

Office of Ethics Risk, and Compliance Services

Sharon Inkelas - Deputy Associate Chancellor

Office of Legal Affairs

Liv Hasset  - Associate Campus Counsel

Office of the Chief Financial Officer

Chris Stanich  - Associate Vice Chancellor of Financial Planning & Analysis

People and Culture Office

Eugene Whitlock (Alternate Janet Speer) - Assistant Vice Chancellor for Human Resources; Chief People & Culture Officer

Public Affairs

Aileen Zerrudo - Associate Vice Chancellor, Communications & Public Affairs; Chief Communications Officer

Research Administration and Compliance

Kairi Williams - Assistant Vice Chancellor for Research Administration and Compliance

Residential and Student Services Programs (RSSP)

Ingrid Hunt - Senior Business Analyst of Technology Planning

Student Affairs - Admissions & Enrollment

Sarah Reed - University Registrar

Summer Sessions, Study Abroad, Lifelong Learning, and University Extension 

William Bacon -Director of Information Technology

Undergraduate Education

Anne Marie Richard - Chief Academic Technology Officer & Assistant Vice Provost Research, Teaching, and Learning

University of California Police Department

Lt. Nicole Miller - Administrative Lieutenant 

University Development and Alumni Relations

Jennifer Sierras - Executive Director and Chief Technology Officer of Advancement Information Services, University Development and Alumni Relations

University Health Services

Jen Swails - Administrative Director, UHS

Vice Provost for Faculty

Sharon Inkelas  - Professor, Department of Linguistics; Special Faculty Advisor to the Chancellor on Sexual Violence/Sexual Harassment; Associate Vice Provost for the Faculty (AVPF)

Ex-Officio Members (Non-Voting)

Representing

Name & Title

Audit & Advisory Services

Jaime Jue - Director, Audit & Advisory Services

Information Security Office

Julie Goldstein - Information Security Policy Manager

Office of Ethics Risk, and Compliance Services

Laila DeBerry (Alternate: Charlie Goodrich) - Campus Risk Manager/Delegations of Authority & Conflict of Interest Coordinator

Office of Technology Projects and Governance

Jenny Bombasaro Brady - IT Policy Program Manager 

IRGC Subcommittee: Campus Information Security and Privacy Committee (CISPC)

Mission

The Campus Information Security and Privacy Committee (CISPC) is a standing committee to support and advise the Information Risk Governance Committee (IRGC) on information security and privacy programs, priorities, and budget.  CISPC also functions as an advisory group for the Chief Information Security Officer (CISO) and Campus Privacy Officer (CPO).

Areas of Focus

CISPC is charged with the following responsibilities within the areas of information security and privacy:
  • Identifying campus requirements.
  • Providing input on policy issues.
  • Reviewing proposed standards.
  • Recommending agenda priorities for IRGC.
  • Providing research and risk/cost-benefit analysis on IRGC agenda topics.
  • Sponsoring periodic professional development events (jointly with Information Security and Policy) to foster two-way information flow to and from campus IT service providers.
  • Other work delegated or assigned by the IRGC, CISO, or CPO. 

Sponsorship

CISPC is sponsored by the IRGC. 

Procedures

  • Meeting frequency: Two hours monthly, plus additional workgroup commitments. The committee will determine modifications to the schedule based on current needs. 
  • Meeting structure: The chairs or a designee will collect agenda items and circulate agendas in advance of each meeting to ensure an informed discussion of scheduled topics.
  • Reporting: CISPC reports directly to the IRGC separately from the CISO and CPO. The CISO/CPO annual report to the IRGC shall also include CISPC reporting and input, and the CISO/CPO report shall be shared with CISPC (as well as other interested UCB stakeholders). 
  • Documentation of proceedings: All meetings shall have notes of discussions and action items. 
  • Voting: If CISPC does not reach a consensus on advisory topics, majority and minority opinions may be used to convey a topic’s depth and complexity to the IRGC and other audiences. Quorum is 70% of voting members, one vote per person.
  • Working Groups: Ad hoc working groups bring together subject matter experts to study particular topics in depth, prepare reports, and make recommendations to CISPC. Working group members are appointed for a finite term and can include both CISPC and non-CISPC members, as long as at least one working group member is a CISPC member. Working groups will be constituted as deemed appropriate by CISPC and/or IRGC.
The committee may adopt additional or alternate operating procedures as needed.

Membership

  • CISPC members are selected from the campus community by the IRGC (or, if delegated, by the IRGC Co-Chairs), based on subject matter expertise and willingness to serve.
  • The IRGC will contact each CISPC member’s manager annually to request the following release time: 2 hours/month for CISPC general meetings and 3-5 hours/month for additional CISPC work commitments.
  • Volunteers can apply for membership via the CISPC chairs for full committee review and recommendation and subsequent IRGC approval. (Working group service is taken into consideration on membership decisions.)
  • The CISPC chair and vice-chair are selected by a majority vote of CISPC members. The elected vice-chair is the designated chair for the following year.
  • Vacancies and other membership issues are resolved by the IRGC Co-Chairs.
  • It is the expectation that members attend all meetings. Two unexcused absences will be grounds for removal.

If you are interested in this opportunity to engage and advise senior campus leadership on important issues, contact cispc-chairs@berkeley.edu to express your interest in joining the committee.

Chair

  • Ken Geis, Director, Information Services, Research Administration and Compliance

Members

  • Allison Henry, Chief Information Security Officer, Berkeley IT
  • Charron Andrus, Associate Chief Information Security Officer, Berkeley IT
  • Guy Seltzer, System Administrator, Environment, Health & Safety
  • Ilona Ozmon, Senior Systems Administrator, Berkeley IT
  • John Ives, Security Operations Manager, Berkeley IT
  • Julie Goldstein, Information Security Policy Program Manager, Berkeley IT
  • Kamyar Marashi, Applications Security Manager, Berkeley IT
  • Katelynn Isabel Hernandez, Research Affiliate, UC Berkeley
  • Lars Rohrbach, System Administration Manager, Electrical Engineering & Computer Science
  • Lisa Ho, Campus Privacy Officer, Office of Ethics, Risk and Compliance Services
  • Liv Hassett, Attorney, Legal Affairs
  • Michael Quan, Collaborative Partner, Letters & Science IT
  • Neeraj Singh, Alumni Representative, UC Berkeley
  • Owen G McGrath, Director of Strategic Initiatives & Programs, Research, Teaching, & Learning
  • Robert Lozano, IT Operations Director, Berkeley Law
  • Robin Brooke Pappas, IT Governance Program Manager, Berkeley IT
  • Ryan Lovett, Systems Manager, Letters & Science IT
ITSC Structure 2025-2026 graphic that links to accessible slide deck
select image to enlarge

Questions?

Please direct questions about IT Governance to Robin Pappas, IT Governance Program Manager.