The entity, created in accordance with the NCh2777 standard, began operating in March 2020 and, within the framework of the challenges of the pandemic, has had to work rapidly on the discussion and recommendation of preventive measures and action protocols to safeguard and protect the Institutional Information.

Maintaining the confidentiality, availability and integrity of data is, today, an essential practice for learning organizations. Even more so, in the midst of the pandemic that, in the case of ULS, supports its university community in preventive quarantine mode, with teleworking and remote training.

To achieve this, since March 2020 the Information Security Committee, established by resolution No. 488 of 2019, began to meet at the University of La Serena, whose function is to ensure the implementation of policies, measures and protocols, both from academic units as administrative, to deliver institutional guarantees of information protection.

Its creation is part of the disposition of the General Secretariat of the Presidency - protected by decree No. 83 and norm NCh2777 - to create Information Security Committees in the universities of the State of Chile. ULS is one of the first universities to launch this instance, made up of the Vice-Rector for Economic and Administrative Affairs, Dr. Armando Mansilla; the Director of Strategic Development and Quality, Dr. César Espíndola; the lawyer of the Legal Department, Julio Landaeta; the Director of Human Resources, Miguel Sánchez; the Director of the Information and Computing Center, Mg. Luis Andrés Moya; the Director of Services, Mg. Marcos Sepúlveda; the ULS Internal Comptroller, Enrique Acevedo; and the technical member, Mg. Carlos Pedreros.

The Committee appointed as Information Security Officer Marcelo Zepeda, an official of the Information and Computing Center, CICULS, who, among his duties, must ensure the correct application and compliance with the policies, regulations and procedures implemented by the committee and coordinate the work between the different units of the institution regarding information security.

Protection of Information

Regarding the protection of information within the university, the Information Security Officer, Marcelo Zepeda indicates that “both the Committee and the Information Security Officer respond to the institution's commitment to the protection of information. of the university, taking into account that this is an important and critical asset for institutional management, treating it in its broadest definition, not only as data stored within a database, but also as written, spoken, physical or digital documents. And he adds that “in addition, he considers people and their interaction with information, the technological equipment that people use within the university, the use of institutional emails and the transfer of information between units.”

On going

Between March and June 2020, the Committee has met regularly through remote communication platforms, with ordinary and extraordinary sessions.

The initial planning was for one ordinary meeting per month, however, the urgency with which institutional needs have arisen in the context of the pandemic, teleworking and remote training, has required the team to meet in an extraordinary manner to address the challenges and accompany the institution in this accelerated transition towards the adoption of technologies for its work.

Asked about the main tasks carried out in this period of operation, the Committee identifies 3 main lines of action: the work of creating the information security policy proposal for the university - based on ISO 27000 and 27001 standards -, the development of an Information Security Management System for the ULS and, finally, advice to the different units of the institution on information security matters, with queries on the right to privacy being particularly attended to and resolved. people, within the framework of teleworking and remote teaching.

Finally, Zepeda explains the importance of having an Information Security Committee for an institution. “Today it is important to have a security committee, since it allows us to establish the minimum policies, procedures and protocols necessary to safeguard the security of the institution's information and identify the risks associated with its treatment as it implies in this matter. Furthermore, the creation of this committee makes it possible to spread awareness of information security throughout the university community in a transversal manner, which makes it possible to increase the effectiveness of the measures recommended by this committee to senior management.”

Written by Tomás Rodríguez, DirCom.