What happens if a recommendation that the team elected to accept is not implemented within the timeline stated in the Action Plan? Or if a recommendation is never implemented as planned?
For most recommendations, the unit head will decide the consequences of failure to implement. Failure to implement constitutes an acceptance of the risk by the unit. For High Priority recommendations mandated by the UA security standards, possible consequences are described in Part VI (Recourse for Non-Compliance) of the Information Security Policy. According to Part II (Authority), the Chief Information Officer and the University Information Security Officer are responsible for enforcing the Policy and the supporting standards and procedures (including the Risk Assessment Standard and the Risk Assessment Procedure). Vice Presidents, Deans, Directors, Department Heads and Heads of Centers have management authority and are expected to take appropriate actions to comply with the Policy.
Related Questions
- What happens if a recommendation that the team elected to accept is not implemented within the timeline stated in the Action Plan? Or if a recommendation is never implemented as planned?
- What if all of the cost-effective energy-saving measures identified in an energy savings action plan have already been implemented?
- What happens after the 2020 Action Plan is implemented?
