[ skip to content ]

More Information about this image

Handbook and paperwork for the newly hired.

Old Dominion University

Information Technology Standard

08.2.0 IT Security Program Review

Date of Current Revision or Creation: November 1, 2021

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

  1. Purpose

    The purpose of this standard is to establish the management responsibilities and define the elements to be examined in information security program reviews.

  2. Definitions

    Information Security Officer (ISO) is responsible person for developing, reviewing, evaluating, and managing the University's Information Security Program.

    Information Security Program is the framework of general principles, guidelines and security controls and elements used to protect University data and assets and to satisfy the laws and regulations relevant to information security.

    Information Security Review is a summary of security recommendations and safeguards to be developed by the University, the IT Security Team and the technical staff for the continued protection of information technology assets.

  3. Standards Statement

    The Old Dominion University Information Security Program elements are reviewed on an annual cycle and when significant changes occur to ensure its continuing suitability, adequacy, and effectiveness.

    The IT Security Program Reviews include assessing opportunities for improvement of information security policy and the approach to managing information security in response to changes to the organizational environment, business circumstances, legal conditions, or technical environment.

    The ISO reviews should include information on these topics as appropriate:

    • feedback from interested parties
    • results of independent reviews
    • status of preventive and corrective actions
    • results of previous ISO reviews
    • process performance and information security policy compliance
    • changes to the organizational environment, business circumstances, available resources, contractual, regulatory, and legal conditions, or to the technical environment
    • trends related to identified threats or vulnerabilities
    • reported information security incidents
    • recommendations provided by relevant authorities

    ISO management reviews will document decisions and\or actions related to:

    • improvement of the organization's approach to managing information security and its processes
    • improvement of control objectives and controls
    • improvement in the allocation of resources and\or responsibilities

    Based on the results of the reviews, the ISO Office develops an IT Security Review outlining strategies and actions for the protection of the confidentiality, integrity, availability, and accountability of the University's information technology assets.

  4. Procedures, Guidelines & Other Related Information

    Federal and State Law

    University Policy 3505 - Security Policy

  5. History

    Date Responsible Party Action
    April 20, 2010



    October 2011



    August 2015

    IT Pollicy Office/ISO

    Three year review, updated links.

    July 2018 IT Policy Office
    Definitions and links checked
    November 2021 IT Policy Office Definitions and links checked

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.