Terms of reference
Purpose
The Cybersecurity Committee is a formally constituted, limited-term committee of Council with responsibility for advising Council (and liaising with the Risk, Audit and Compliance Committee and the Finance and Infrastructure Committee as necessary) regarding cybersecurity issues and risk management.
The Committee’s purpose is to provide focussed oversight for an initial 1-year period on the heightened risk of cybersecurity at the University of Wollongong.
Responsibilities
The Cybersecurity Committee shall be responsible for:
- Overseeing the University of Wollongong’s cybersecurity framework across all domestic and international UOW campuses.
- Monitoring developments in cybersecurity and engaging relevant experts to provide advice and guidance as to best practice.
- Reviewing cyber risk exposure for UOW, ensuring cybersecurity risks are identified, managed and reviewed in a timely and appropriate manner.
- Overseeing compliance with applicable information security and data protection laws and industry standards.
- Overseeing the quality and effectiveness of security controls with respect to its information technology systems, network security and data security.
- Overseeing UOW’s disaster recovery, business continuity and business resiliency capabilities in response to cybersecurity incidents.
- Overseeing that cybersecurity policies and processes are in place to reflect best practice.
- Overseeing cybersecurity training and uptake.
- Receiving reports from the Cybersecurity Taskforce, the cross-University management group tasked with identifying and addressing cybersecurity issues, including providing assurance regarding compliance with applicable information security and data protection laws and industry standards.
- Reporting to the University Council and liaising with the Risk, Audit and Compliance Committee and the Finance and Infrastructure Committee as necessary regarding cybersecurity issues and risk management.
Membership
The Cybersecurity Committee shall consist of:
- An external Council member as Chair;
- Chair of the Risk, Audit and Compliance Committee;
- Chair of UOWGE Board;
- At least one external Council member or co-opted member with recognised professional expertise in information technology; and
- The Vice-Chancellor.
Where a member is unavailable to attend a meeting, a nominated alternate external Council member may be invited to attend in their place at the discretion of the Chair.
Unless otherwise provided, the term of office of all Committee members shall be two years. Re-appointments are permitted.
The Committee must include representatives from more than one gender.
Invited attendees as non-voting observers:
- Chancellor;
- Chief Operating Officer and Vice-President Operations;
- Chief Information and Digital Officer;
- Chief Risk and Assurance Officer;
- Other members of the University Senior Executive (as determined by the Chair); and
- Other persons as determined by the Chair depending on the issues for consideration.
Meetings and Quorum
- The Committee shall meet at least three times per year.
- The quorum for a meeting shall be a simple majority of the total number of members.
Agenda and Minutes
- Secretariat support is provided to the Committee by the Governance and Policy Division.
- The Committee Executive Officer will prepare the draft agenda for approval of the Committee Chair for circulation at least 7 days prior to the scheduled meeting.
- The Committee Executive Officer will prepare the minutes of committee meetings within 7 working days of each meeting and forward the draft minutes to the Chair.
- After the Committee Chair has reviewed the minutes, the draft minutes are to be circulated to all Committee members.
- The minutes of the meetings will be ratified and signed at the next Committee meeting.
- Each set of minutes will be presented to the next available Council meeting.
Evaluation and Review
- To ensure the Committee is fulfilling its objectives, the Committee will assess its performance against its Terms of Reference and provide a report of its findings to the Council.
- The first assessment shall take place after one year and Council will determine whether the Committee be continued or disestablished.