This control applies to the university Chief Information Security Officer (CISO).

The university CISO, in coordination with Information Resource owners, shall develop, document, and disseminate to units a set of controls that addresses the Personnel Security related to the use of information resources. These controls should include purpose, scope, roles, responsibilities, management commitment, coordination among university entities, and compliance.

The CISO shall review and update the Personnel Security controls as necessary.