University of Illinois System

Areas of Focus

Digital risk management requires ongoing engagement across many activities. Currently the Digital Risk Office is focused on the following 8 areas:

Business Continuity and Disaster Recovery Program

Business continuity ensures operations and core business functions are not severely impacted by a disaster or planned incident that takes critical systems offline. Disaster recovery focuses specifically on the technical aspects of how the U of I System can return to normal operations.

Strategy: Partner with university leadership to ensure that continuity planning and disaster recovery are aligned and inform operational and risk decision-making. Support system-wide continuity and disaster recovery governance and program efforts.

Cloud and Distributed Work Environment Security

Cloud and distributed work environments refer to the ability of individuals to access university-related resources and data from anywhere, as long as they have an internet connection. Security is critical in any work environment but especially important in cloud and distributed work environments.

Overall, cloud and distributed work environments can offer many benefits, including increased flexibility and productivity. However, it is essential to implement robust security measures to protect data and prevent breaches.

Strategy: Foster and support organizational capabilities that allow the universities to reduce risk for data stored in the cloud and allow detection of threats to university data regardless of physical location.

HIPAA Privacy and Security Program

The University of Illinois System is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”). HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information. The HIPAA Privacy and Security Program ensures these standards are implemented at the university.

Strategy: Support the organization in managing its HIPAA privacy and security risk, while advancing healthcare to improve the health of our patients and communities, promote health equity and develop the next generations of healthcare leaders.

ICT Accessibility Program

Information and Communications Technology (ICT) Accessibility is technology that can be used by people with a wide range of abilities and disabilities. Accessibility results in eliminating barriers to information and communication technologies, providing equitable solutions to engage our university community, and encouraging development of accessible technologies and techniques.

Strategy: Foster and support organizational capabilities that allow the universities to incorporate ICT Accessibility by design into everyday operations.

Identity Access Management Program

Identity and Access Management (IAM) provides appropriate access to university resources. Identity management connects you with your online identity at the University of Illinois System. Access management lets approved individuals into the university systems and keeps out those who are not eligible. See below for more information on the governance policies.

Strategy: Create an IAM program to focus on a multi-year strategy and roadmap that aligns institutional process and IAM operations and increases digital capabilities while providing a consistent user experience and access management.

Privacy and Security Programs

The University of Illinois System's privacy and security programs are comprised of policies, procedures, and practices designed to protect information, enable our mission, and assist in compliance with relevant privacy and security regulations. The goal of a privacy and security program is to establish a framework that allows the U of I System to identify and mitigate privacy and security risks, implement effective safeguards, and respond quickly and effectively to any privacy or security incidents. An effective program is tailored to the specific risks and needs of the organization and regularly reviewed and updated.

Strategy: Collaborate and support the universities' information security and privacy programs to continuously improve effectiveness and efficiency in protecting information resources, while enabling digital capabilities and opportunities.

System-wide Digital Risk Assessment Program

A digital risk assessment program enables individuals and the organization to evaluate and manage potential risks and opportunities associated with digital assets, such as computers, infrastructure, and data. By identifying and prioritizing potential risks and opportunities, the University of Illinois System can proactively manage digital risks and reduce the likelihood of cyberattacks, data breaches, and other types of digital threats.

Strategy: Establish a continuous function to identify, assign, train, and help facilitate risk owners at all levels of the organization in addressing digital risk.

Third-party Digital Risk

Third-party digital risk is any risk introduced to an organization by external parties in its ecosystem or supply chain. Such parties may include vendors, suppliers, partners, contractors, or service providers who have access to internal university data, systems, processes, or other sensitive information. Appropriate management of third-party risk reduces the university’s exposure to supply chain attacks, data breaches, and reputational damage, while enabling the university to achieve its mission.

Strategy: Maintain a system-wide shared service and governance to manage third-party digital risk.