• Some combination of the above.
Location: A discrete organization or entity governed by the Regents of the University of
California. Locations include, but are not limited to: campuses, laboratories, medical centers
and health systems, as well as satellite offices, affiliates or other offices in the United States
controlled by the Regents of the University of California.
Service Provider: A UC internal organization that offers IT services to Units. Service Providers
typically assume most of the security responsibility and help Units understand Unit
responsibilities with respect to cyber security.
Supplier: An external, third-party entity that provides goods or services to UC. BFB-IS-3 Part III §
15 describes what Suppliers must do. UC has specific contract terms that clarify the
responsibilities of Suppliers and protect UC.
UC: University of California.
Unit: A point of accountability and responsibility that results from creating/collecting or
managing/possessing Institutional Information or installing/managing IT Resources. A Unit is
typically a defined organization, such as the school of engineering, or a set of departments,
such as student affairs. Because UC is a highly decentralized and independent federation of
organizational units, the policy provides Units with the flexibility and responsibility to manage
cyber risk.
Unit Head: A generic term for dean, vice chancellor or person in a similarly senior role who has
the authority to allocate budget and is responsible for Unit performance. At a particular
Location or in a specific situation, the following senior roles may also be Unit Heads:
department chairs, assistant/associate vice chancellor (AVC), principal investigators, directors
or senior managers. Unit heads have important responsibilities to ensure effective
management of cyber risk.
Unit Information Security Lead: A term for the Workforce Member(s) assigned responsibility
for tactical execution of information security activities including, but not limited to,
implementing security controls; reviewing and updating Risk Assessment and Risk Treatment
plans; devising procedures for the proper handling, storage and disposal of electronic media
within the Unit; and reviewing access rights.
Workforce Member: An employee, faculty, staff, volunteer, contractor, researcher, student
worker, student supporting/performing research, medical center staff/personnel, clinician,
student intern, student volunteer or person working for UC in any capacity or through any
other augmentation to UC staffing levels.