Information Assurance & Consulting

Penn’s Information Assurance program utilizes tools and risk-based analysis functions which provide visibility to risks.  The primary outreaching tools are Security & Privacy Impact Assessment (SPIA), Vendor Assessment Technical Assessment of Risk (V-STAR), information security policy variances and critical components scanning.  The process provides visibility to risk for Penn’s relevant governance committees.

The Office of Information Security provides consultation for common information security needs including risk management and Splunk analysis.

Last year, the University’s Mission Continuity Program (MCP) was asked to expand to include a Business Impact Analysis (BIA), determining Penn’s critical priorities and dependencies, and the potential impact on our ability to do business if critical components became unavailable. Over the course of six months during 2018, the MCP collected information from all Schools and Centers about Penn’s critical processes, functions, and systems. All this information has been loaded into the MCP database, called Shadow-Planner, and is being analyzed. This analysis will help leadership make decisions about where to deploy University resources in the event of any outages or disruptions.

Read More