Meeting Schedule, Agendas & Notes
Governance committee meeting schedules, agendas, and notes are available on the IT Governance calendar.
Charge
The Information Risk Governance Committee (IRGC) provides the campus framework for institutional governance of information risk. Information risk includes, but is not limited to, the following broad categories:
- Autonomy Privacy - The ability of individuals to conduct activities without observation.
- Information Privacy - Appropriate protection, use, and dissemination of information about individuals.
- Information Security - Protection of all information and information infrastructure.
- Balancing Process - This is in place for the sometimes conflicting interests of Autonomy Privacy and Information Security.
IRGC is charged by the Compliance, Accountability, Risk, and Ethics (CARE) committee to make recommendations on campus information risk issues. These recommendations are campus policy that sets campus information risk tolerances. IRGC's broad membership allows for the evaluation of the impact on recommended risk management policies, with respect to the full diversity of campus activities.
While IRGC will, out of necessity, deal with topics that touch on technology, the primary focus of IRGC is information risk as viewed through decidedly non‐technical lenses, ranging from alignment with campus values to reviewing the cost‐benefit analysis of any proposed policy. When technical depth or privacy balancing is required, IRGC is supported and advised by the Campus Information Security and Privacy Committee.
Scope
Three types of questions rise to the level of governance:
- A balance between information security, privacy, transparency, and accountability.
- Decision rights on accepting risk and setting institutional risk thresholds: reviewing and deciding on exception requests to information risk management policies. This authority may be delegated to the Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO). IRGC committee executive sponsors and co-chairs may escalate emergency and very high-impact decisions on exception requests to CARE.
- Oversight of the campus privacy and campus information security programs to ensure adequate transparency on how personal information is protected, what data is collected about the digital activities of individuals, and how such data is used.
IRGC Membership
Committee membership is designed to be fully representative of the campus. Members are expected to be knowledgeable about campus culture regarding privacy, freedom of inquiry, and institutional risk tolerance. Each control unit executive must grant his or her IRGC appointees the authority to represent the views and priorities of their respective areas, and make information risk recommendations for the campus community.
Executive Sponsors
- Khira Griscavage, Associate Chancellor, Chief of Staff to the Chancellor; Chief Ethics, Risk, and Compliance Officer (CERCO) & Locally Designated Official (LDO)
- Tracy Shinn, Associate Vice Chancellor for IT and Chief Information Officer
Co-Chairs
- Allison Henry, Chief Information Security Officer
- Lisa Ho, Campus Privacy Officer, Office of Ethics, Risk and Compliance Services
Cyber-Risk Responsible Executive
- Anthony Joseph, Chancellor's Professor, Electrical Engineering and Computer Sciences
CISPC Representative
- Ken Geis, Director, Information Services, Research Administration and Compliance
Voting Members
Representing | Name & Title |
| Academic Senate | Greg Niemeyer - Professor of Media Innovation, Department of Art Practice |
| Academic Senate - Computing and Information Technology (CIT) | John Kubiatowicz - Professor, Computer Science |
| Associated Students of the University of California (ASUC) | TBD - Undergraduate Student Representative |
| Athletics | Ryan Cobb - Associate Director of Athletics, Performance, Health & Welfare; Head Athletic Trainer |
| Controller's Immediate Office | Michael Riley - Controller & Assistant Vice Chancellor |
| Division of Equity & Inclusion | Fabrizio Mejia - Acting Vice Chancellor for Equity & Inclusion |
| Facilities Services | Carolyn Knight - IT Director, Facilities Services |
| Graduate Assembly | Shneur Gansburg - Graduate Assembly Representative |
| Graduate Division | Catherine Madsen - Business Systems Analyst |
| Library | Carolyn Caizzi - Associate University Librarian for Digital Initiatives and Information Technology |
| Office of Ethics Risk, and Compliance Services | Sharon Inkelas - Deputy Associate Chancellor |
| Office of Legal Affairs | Liv Hasset - Associate Campus Counsel |
| Office of the Chief Financial Officer | Chris Stanich - Associate Vice Chancellor of Financial Planning & Analysis |
| People and Culture Office | Eugene Whitlock (Alternate Janet Speer) - Assistant Vice Chancellor for Human Resources; Chief People & Culture Officer |
| Public Affairs | Aileen Zerrudo - Associate Vice Chancellor, Communications & Public Affairs; Chief Communications Officer |
| Research Administration and Compliance | Kairi Williams - Assistant Vice Chancellor for Research Administration and Compliance |
| Residential and Student Services Programs (RSSP) | Ingrid Hunt - Senior Business Analyst of Technology Planning |
| Student Affairs - Admissions & Enrollment | Sarah Reed - University Registrar |
| Summer Sessions, Study Abroad, Lifelong Learning, and University Extension | William Bacon -Director of Information Technology |
| Undergraduate Education | Anne Marie Richard - Chief Academic Technology Officer & Assistant Vice Provost Research, Teaching, and Learning |
| University of California Police Department | Lt. Nicole Miller - Administrative Lieutenant |
| University Development and Alumni Relations | Jennifer Sierras - Executive Director and Chief Technology Officer of Advancement Information Services, University Development and Alumni Relations |
| University Health Services | Jen Swails - Administrative Director, UHS |
| Vice Provost for Faculty | Sharon Inkelas - Professor, Department of Linguistics; Special Faculty Advisor to the Chancellor on Sexual Violence/Sexual Harassment; Associate Vice Provost for the Faculty (AVPF) |
Ex-Officio Members (Non-Voting)
Representing | Name & Title |
| Audit & Advisory Services | Jaime Jue - Director, Audit & Advisory Services |
| Information Security Office | Julie Goldstein - Information Security Policy Manager |
| Office of Ethics Risk, and Compliance Services | Laila DeBerry (Alternate: Charlie Goodrich) - Campus Risk Manager/Delegations of Authority & Conflict of Interest Coordinator |
| Office of Technology Projects and Governance | Jenny Bombasaro Brady - IT Policy Program Manager |
IRGC Subcommittee: Campus Information Security and Privacy Committee (CISPC)
Mission
The Campus Information Security and Privacy Committee (CISPC) is a standing committee to support and advise the Information Risk Governance Committee (IRGC) on information security and privacy programs, priorities, and budget. CISPC also functions as an advisory group for the Chief Information Security Officer (CISO) and Campus Privacy Officer (CPO).
Areas of Focus
CISPC is charged with the following responsibilities within the areas of information security and privacy:
- Identifying campus requirements.
- Providing input on policy issues.
- Reviewing proposed standards.
- Recommending agenda priorities for IRGC.
- Providing research and risk/cost-benefit analysis on IRGC agenda topics.
- Sponsoring periodic professional development events (jointly with Information Security and Policy) to foster two-way information flow to and from campus IT service providers.
- Other work delegated or assigned by the IRGC, CISO, or CPO.
Sponsorship
CISPC is sponsored by the IRGC.
Procedures
- Meeting frequency: Two hours monthly, plus additional workgroup commitments. The committee will determine modifications to the schedule based on current needs.
- Meeting structure: The chairs or a designee will collect agenda items and circulate agendas in advance of each meeting to ensure an informed discussion of scheduled topics.
- Reporting: CISPC reports directly to the IRGC separately from the CISO and CPO. The CISO/CPO annual report to the IRGC shall also include CISPC reporting and input, and the CISO/CPO report shall be shared with CISPC (as well as other interested UCB stakeholders).
- Documentation of proceedings: All meetings shall have notes of discussions and action items.
- Voting: If CISPC does not reach a consensus on advisory topics, majority and minority opinions may be used to convey a topic's depth and complexity to the IRGC and other audiences. Quorum is 70% of voting members, one vote per person.
- Working Groups: Ad hoc working groups bring together subject matter experts to study particular topics in depth, prepare reports, and make recommendations to CISPC. Working group members are appointed for a finite term and can include both CISPC and non-CISPC members, as long as at least one working group member is a CISPC member. Working groups will be constituted as deemed appropriate by CISPC and/or IRGC.
The committee may adopt additional or alternate operating procedures as needed.
Membership
- CISPC members are selected from the campus community by the IRGC (or, if delegated, by the IRGC Co-Chairs), based on subject matter expertise and willingness to serve.
- The IRGC will contact each CISPC member's manager annually to request the following release time: 2 hours/month for CISPC general meetings and 3-5 hours/month for additional CISPC work commitments.
- Volunteers can apply for membership via the CISPC chairs for full committee review and recommendation and subsequent IRGC approval. (Working group service is taken into consideration on membership decisions.)
- The CISPC chair and vice-chair are selected by a majority vote of CISPC members. The elected vice-chair is the designated chair for the following year.
- Vacancies and other membership issues are resolved by the IRGC Co-Chairs.
- It is the expectation that members attend all meetings. Two unexcused absences will be grounds for removal.
If you are interested in this opportunity to engage and advise senior campus leadership on important issues, contact cispc-chairs@berkeley.edu to express your interest in joining the committee.
Chair
- Ken Geis, Director, Information Services, Research Administration and Compliance
Members
- Allison Henry, Chief Information Security Officer, Berkeley IT
- Charron Andrus, Associate Chief Information Security Officer, Berkeley IT
- Guy Seltzer, System Administrator, Environment, Health & Safety
- Ilona Ozmon, Senior Systems Administrator, Berkeley IT
- John Ives, Security Operations Manager, Berkeley IT
- Julie Goldstein, Information Security Policy Program Manager, Berkeley IT
- Kamyar Marashi, Applications Security Manager, Berkeley IT
- Katelynn Isabel Hernandez, Research Affiliate, UC Berkeley
- Lars Rohrbach, System Administration Manager, Electrical Engineering & Computer Science
- Lisa Ho, Campus Privacy Officer, Office of Ethics, Risk and Compliance Services
- Liv Hassett, Attorney, Legal Affairs
- Michael Quan, Collaborative Partner, Letters & Science IT
- Neeraj Singh, Alumni Representative, UC Berkeley
- Owen G McGrath, Director of Strategic Initiatives & Programs, Research, Teaching, & Learning
- Robert Lozano, IT Operations Director, Berkeley Law
- Robin Brooke Pappas, IT Governance Program Manager, Berkeley IT
- Ryan Lovett, Director of Computing, Statistics
