Audits and Assessments

 The scope of audits and assessments that are provided as a function of this service are either conducted by one or more people within the University, or provided by an independent third party that is either overseen or supported by Framingham State personnel:

• Adherence to University policies, procedures, guidelines and adopted standards (e.g. the CIS Control Framework).
• Periodic review and certification of Framingham State personnel and non-payroll contractor access to information systems that are used to manage data that are under the stewardship of the University, including those under the administration of the Commonwealth of Massachusetts that contain financial, payroll, and related data.
• Attestations of compliance with applicable industry standards, laws and regulations, Commonwealth of Massachusetts mandates, and contractual obligations the University is obligated to abide by in order to protect institutional data, systems, personal information, privacy, and copyright.
• Evaluation of training and awareness campaigns (e.g. phishing drill assessments) and controls implemented to reduce the overall risks associated with information that is under the stewardship of the University, related technological infrastructure, and third-party product or service providers (e.g. risk assessments conducted by providers of cyber insurance coverage).
• Office of the Comptroller (CTR) and other Commonwealth of Massachusetts agency reviews, audits, and assessments.

This service is available to all University Faculty and Staff

• Identifying unmet and anticipated needs for greater adoption of generally accepted best practices for risk management, information security, and cybersecurity.
• More efficient and consistent capture, storage, management, and sharing of information that is needed for and generated by audits and assessments.
• Better planning and coordination associated with scheduling, supporting, and then following up of the recommendations and findings from audits and assessments.

None

Click on “Request Assistance” from this web page in order to provide us with some basic information about your unmet or anticipated need and then submit your request.

Information Security Program for Framingham State University

Within three business days, someone from Information Technology Services (ITS) will respond to your request. Depending on the complexity of the request and workload within ITS, a target fulfillment date will be set between four and eight weeks out from the initial request. Priority will be given to urgent requests where warranted and efforts will be made to expedite the turnaround time for these requests as may be necessary.