The Security Compliance unit has three responsibilities: building institutional awareness of, and adherence to, IT security policies, procedures, and best practices; ensuring compliance with regulatory standards such as PCI, FERPA, GLBA, Red Flag, HIPAA, and FISMA; and conducting IT security assurance audits to validate the effectiveness of existing controls. This unit works closely with IT Quality Control to develop enterprise-wide IT security policies and standard operating procedures that address the regulatory and data protection needs of the University. IT Security Compliance is the primary point of contact for engaging firms that conduct risk assessments, penetration tests, vulnerability scans, and similar IT security audit engagements. This unit also reviews the security aspects of various contracts and guides the establishment of IT security procurement standards.