15.30 Information Technology Governance

Print Friendly, PDF & Email


Scope: NMSU System

Source: RPM Title 15 | Information Management and Data Security

Policy Administrator:

Last Updated: 03/06/2017



Revision History:

03/06/2017 former Policy 1.30, “Information Technology Governance” re-numbered as Policy 15.30 when BoR adopted Policy 1.30, “Delegation of Authority”
08/10/2016 Policy adopted by Board of Regents

A. Policy Statements

  1. The chief information officer (sometimes referred to as CIO) shall establish and maintain a framework formalizing the Information Technology (IT) governance process to ensure effective, secure, and efficient utilization of NMSU system wide IT resources to best support the mission, vision, and strategic goals of the university. This framework will facilitate broad stakeholder input and ensure executive level jurisdiction over the institution’s IT resources and associated risks inherent to maintaining a secure and agile higher education IT environment.
  2. The following governance authorities will be responsible for recommending and implementing IT policies, rules, procedures and standards in accordance with RPM 1.10 and ARP 1.10 and to recommend resources sufficient to comply with IT standard operating procedures and otherwise carry out the mission of Information and Communication Tech Department on behalf of the institution.
    1. IT Governance Committee(s) with representation from the Community Colleges and Academic, Research, Administrative and Technical areas will be established and maintained, based on the IT governance framework described in this policy.
    2. The chief information officer leads and coordinates the development and implementation of integrated strategic IT plans and policies for the NMSU system; and is responsible for leadership in the evaluation, implementation, management and operation of NMSU system wide Information Technology.
    3. The chief information security officer (sometimes referred to as CISO) provides information security leadership to create and to maintain a risk-based information security program. In accordance with RPM 1.10 and ARP 1.10, the CISO recommends policies, rules and procedures to protect university information and systems.