The primary governance body for information security and privacy at UC Berkeley is the Information Risk Governance Committee (IRGC). The IRGC is part of the Campus Compliance and Campus IT governance structures, and is charged with the following responsibilities:
- Setting and overseeing policies and procedures for balancing privacy and security
- Setting and overseeing policies and procedures for accepting information risk
- Broad oversight of the Campus information security and privacy programs
The IRGC is supported by the Campus Information Security and Privacy Committee (CISPC). The CISPC is tasked with researching questions presented to the CISPC by the IRGC, in order to support decision-making by the IRGC. Recommendations made by the CISPC are presented independently of the recommendations made by either the Campus Privacy Officer or the Chief Information Security Officer.
The relationship of IRGC to IT governance structures is available on the UC Berkeley Technology website at technology.berkeley.edu/governance. The relationship of IRGC to compliance governance structures is specified in the IRGC charter itself.