Information Risk Governance Committee (IRGC)

Overview

The Information Risk Governance Committee (IRGC) provides the campus framework for institutional governance of information risk. Information risk includes, but is not limited to, the broad categories of:

  • Autonomy Privacy – ability of individuals to conduct activities without observation;
  • Information Privacy – appropriate protection, use, and dissemination of information about individuals; and
  • Information Security – protection of all information and information infrastructure;
  • Balancing Process – for the sometimes-conflicting interests of Autonomy Privacy and Information Security.

Three types of questions rise to the level of governance:

  • Balance between information security, privacy, transparency, accountability
  • Decision rights on accepting risk and setting institutional risk thresholds: reviewing and deciding on exception requests to information risk management policies. This authority may be delegated to the Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO). IRGC committee executive sponsors and co-chairs may escalate emergency and very high-impact decisions on exception requests to CARE.
  • Oversight of the Campus privacy and Campus information security programs to ensure adequate transparency on how personal information is protected, what data is collected about electronic activities of individuals, and how such data is used.

IRGC is charged by the Compliance, Accountability, Risk and Ethics (CARE) committee to make recommendations on campus information risk issues. These recommendations are campus policy that sets campus information risk tolerances. IGRC’s broad membership allows for evaluation of impact on recommended risk management policies, in respect to the full diversity of campus activities.

While IRGC will, of necessity, deal with topics that touch on technology, the primary focus of IRGC is information risk as viewed through decidedly non‐technical lenses, ranging from alignment with campus values to reviewing the cost‐benefit analysis of proposed policy. When technical depth is required, IRGC is supported and advised by the Campus Information Security and Privacy Committee (CISPC), a campus group of information technology practitioners.

View Full Committee Charter

Box Meeting Materials (committee member login required)

EXECUTIVE SPONSORS

  • Jenn Stringer, Associate Vice Chancellor for IT and Chief Information Officer (CIO)
  • Khira Griscavage, Associate Chancellor, Chief of Staff to the Chancellor; Chief Ethics, Risk, and Compliance Officer (CERCO) & Locally Designated Official (LDO)

CHAIRS

  • Scott Seaborn, Campus Privacy Officer, Office of Ethics, Risk and Compliance Services, Co-Chair
  • Allison Henry, Chief Information Security Officer, Co-Chair

CYBER-RISK RESPONSIBLE EXECUTIVE

  • Anthony Joseph, Chancellor's Professor, Electrical Engineering and Computer Sciences

CISPC REP

  • Gabriel Gonzalez, Chief Information Officer and Assistant Dean, School of Law

MEMBERSHIP

Committee membership is designed to be fully representative of the campus.

Members are expected to be knowledgeable about campus culture regarding privacy, freedom of inquiry, and institutional risk tolerance.

Each control unit executive must grant his or her IRGC appointees the authority to represent the views and priorities of their respective areas, and make information risk recommendations for the campus community.

VOTING MEMBERS:

Representing

Name & Title

Academic Senate

Ethan Ligon
Professor, Department of Agricultural & Resource Economics

Academic Senate - School of Information

Deirdre K. Mulligan 
Professor, School of Information, faculty Director of the Berkeley Center for Law & Technology

Associated Students of the University of California (ASUC)  

Division of Equity & Inclusion Oscar Dubón, Jr 
Vice Chancellor for Equity & Inclusion
EVCP - University Extension Diana Wu 
Dean, University Extension
Facilities Services Sally McGarrahan 
Associate Vice Chancellor, Facilities Services
Graduate Assembly Elizabeth Lawler 
Graduate Student (PhD Candidate, Vision Science)
Library Salwa Ismail 
Associate University Librarian for Digital Initiatives and Information Technology
Office of Ethics Risk and Compliance Services Wanda Ellison Crockett 
Deputy Associate Chancellor
Office of Legal Affairs Liv Hasset 
Associate Campus Counsel
Office of the Chief Financial Officer Chris Stanich 
Associate Vice Chancellor of Financial Planning & Analysis
People and Culture Office Eugene Whitlock 
Assistant Vice Chancellor for Human Resources; Chief People & Culture Officer
Research Administration and Compliance Kairi Williams 
Assistant Vice Chancellor for Research Administration and Compliance
Residential and Student Services Programs (RSSP) Christopher Henning 
Executive Director for Cal Dining
Student Affairs - Admissions & Enrollment Walter Wong 
University Registrar
University Development and Alumni Relations Karl Otto 
Chief Technology Officer, University Development and Alumni Relations
Vice Provost for Faculty Sharon Inkelas 
Professor, Department of Linguistics; Special Faculty Advisor to the Chancellor on Sexual Violence/Sexual Harassment; Associate Vice Provost for the Faculty (AVPF)

NON-VOTING MEMBERS:

Representing

Name & Title

Audit & Advisory Services Jamie Jue
Director, Audit & Advisory Services
Information Security Office Julie Goldstein
Information Security Policy Manager
Office of Ethics Risk and Compliance Services

Laila DeBerry
Campus Risk Manager/Delegations of Authority & Conflict of Interest Coordinator