The PASS Council
In 2001, the Privacy Assurance and Systems Security (PASS) Council was chartered as a central administrative authority to provide oversight regarding planning, direction and policy for security and assurance of the UW information systems, networks and the information that resides on them. The PASS Council performs the following services:
- Oversee the development, implementation and maintenance of a university-wide strategic information systems security and assurance plan (including security awareness programs, defined incident response processes, access control mechanisms, and defined organizational roles and responsibilities).
- Oversee the development, implementation and enforcement of university-wide information systems security policy and related recommended operating and technical standards.
- Advise the university administration on related risk issues and recommend appropriate actions in support of the university's larger risk management programs.
- Ensure related compliance requirements are addressed (e.g. privacy, security and administrative regulations associated with HIPAA and other Federal and State rules).
- Ensure appropriate risk mitigation and control processes over security incidents as required.
The PASS Council works with administrative and technical staff at the UW to achieve broader recognition of the risk inherent in having network-connected computers that are not securely maintained, and to understand the need for having and adhering to policy, guidelines, and standards for installing and maintaining secure systems on the UW network.
Measuring the cost verses the risk, as well as the need for access to information, the PASS Council establishes working Groups to design processes and requirements for the maintenance of network-connected computers.
Policies and Procedures
- UW Information Systems Security Policy
- Minimum Computer Security Standards
- Minimum Data Security Standards (Data Classification and Related Measures of Protection)
- UW Electronic Privacy Policy on Personally Identifiable Information
- UW Guidelines for Implementing Systems and Data Security Practices - (Draft V4 May 2003)
