Laserfiche WebLink
ERMU Management Policy—A.24a Information Security Committee Charter <br /> the Committee action shall not be inconsistent with applicable laws and policies which regulate <br /> the City of Elk River. The Committee meetings may be open or closed to employees at the <br /> discretion of the Committee Chair. <br /> AUTHORITY: <br /> Except as established in this Committee Charter, the authority of the Committee is limited to the <br /> purpose of research and recommendation to ERMU and City leadership teams. <br /> SPECIFIC DUTIES: <br /> 1. Policies and Procedures: Assist ERMU and City leadership in the development of <br /> information security related policies. Review effectiveness of information security policy <br /> implementations. Identify and recommend how to handle non-compliance. Assist with the <br /> development of information security related procedures, standards, guidelines, and baselines <br /> to the ERMU and City leadership teams. At least annually, provide timely reports including <br /> recommendations regarding effectiveness of polices and procedures to ERMU and City <br /> leadership teams. <br /> 2. Risk Assessment: Review industry appropriate information security trends to maintain an up- <br /> to-date perspective on related risks and industry's best practice risk mitigation methods. <br /> Identify significant threats and vulnerabilities. Assess the adequacy and coordination of the <br /> implementation of information security controls. Recommend methodologies and processes <br /> for information security. Evaluate ongoing related legal and regulatory compliance changes. <br /> Review incident information and recommend follow-up actions. At least annually,provide <br /> timely reports including recommendation regarding risks assessment to ERMU and City <br /> leadership teams. <br /> 3. Budget Development: Develop data needed for thorough evaluation of proposed information <br /> security initiatives for budget preparation and consideration. Information shall include <br /> options, risk evaluation, resource requirements, implementation timelines, and costs. At least <br /> annually and coordinating with their respective budgeting process schedules, provide timely <br /> reports regarding information security initiatives proposed for consideration to ERMU and <br /> City leadership teams. <br /> 4. Education and Awareness: Function as an information security program champion providing <br /> clear direction and unity in ERMU and City leadership teams' support for approved security <br /> initiatives and policies. Develop and implement plans and programs to maintain information <br /> security awareness. Promote information security education, training, and awareness <br /> throughout ERMU and the City. <br /> SCHEDULE: <br /> At a minimum, the Committee shall meet on an annual basis. <br /> Page 2 of 3 <br /> 44 <br />