Appendix A: Program Oversight Responsibilities

Oversight and maintenance of the Written Information Security Program is the responsibility of the VP of Information Systems & Technology, the Vice President of General Counsel and the Institute Auditor.

Responsibilities of this group

  • Annually reviewing the effectiveness of the Information Security Program;
  • Apprising MIT's Audit Committee of any significant incidents or changes in the Information Security Program;
  • Overseeing communication and training;
  • Updating the Program, policies, guidelines and standards as needed;
  • Participating in any data breach de-briefing;
  • Sponsoring/overseeing one or more working groups, as circumstances require, to see that these Program responsibilities are achieved.


This group is not required to meet at an established frequency, but will convene as needed to respond to changing regulations, business conditions, data incidents, significant audit findings, or other incidents that may prompt discussion. This should occur no less often than annually.