Compliance office reviews policy and enforcement progress; CIO previews IT security executive session

Chief Compliance Officer Cameron Lon told the audit committee that the compliance function rests on three pillars: prevention (policy and education), response (investigations and remediation) and data collection/analysis. Lon said the compliance office now manages a policy portfolio, civil-rights coordination, ethics services and privacy/FERPA matters, and noted that SFI (statement of financial interests) filings for identified system-level filers achieved 100% completion by the May 1 deadline.

Lon also reviewed the PECARD policy rollout, saying the system is now able to identify and respond to misuse more quickly and that institutions retain discretion over local enforcement approaches. He said staffing has expanded from zero to five people in the compliance office and that four committed new lines include a full-time data-privacy officer.

Interim Chief Information Officer Michael Mundra provided a public overview of his coordinating role across institutional IT, citing work on ERP modernization (Banner/ERP contract coordination), a systemwide push for multi-factor authentication to improve security, and ongoing staffing and compensation pressures that affect retention. Mundra noted certain matters would be discussed in executive session and the committee subsequently moved to an executive session to discuss information-technology security under cited board policies.

Committee members thanked compliance and IT staff for progress and agreed to continue regular updates to the committee.