Delegation of Administrative Authority and Responsibility for Information Assurance, Security, and Awareness (WL-4)

Volume WL: West Lafayette
Chapter: N/A
Issuing Office: ITaP
Responsible Officer: Vice President for Information Technology
Responsible Office: ITaP
Originally Issued: August 25, 2003
Most Recently Revised: November 18, 2011


Statement of Policy
Who Should Know This Policy


The following specific assignments of administrative authority and responsibility are hereby delegated to the Vice President for Information Technology for the West Lafayette campus to assist and act for the President. The Vice President for Information Technology shall:

  1. Have responsibility for:
    1. Implementation of effective and practical technology, groups and processes to secure the network and computing infrastructure of the University.
    2. Development and implementation of a security awareness program to be offered periodically to all University faculty, staff and students.
    3. Development of a risk assessment procedure to be used for ongoing monitoring of all University systems.
    4. Development of global, effective and practical University policies, procedures, guidelines and best practices related to information assurance and security.
  2. Have authority to disconnect any device or disable any account if it is believed that either is involved in compromising the information security of the University until such time it is demonstrated that the device or account no longer poses a threat. Devices will not be disconnected without consultation with agreed upon departmental or unit officials, unless a critical situation exists (i.e., serious vulnerability, denial of service, worm or virus attack) and organization officials cannot be contacted quickly.
  3. Have authority to stop application development or deployment efforts if it is found during a Risk Assessment that the impact of a particular threat will compromise the information security of the University until a remedy is implemented to reduce or eliminate the impact of that threat.
  4. Provide guidance and support for regional campuses in information assurance, security and awareness efforts as appropriate.

In all instances, administration and approvals shall be in accordance with existing laws, policies and regulation of the University as set forth in the Indiana statutes, the University Code, the Business Procedures Manual and the ByLaws and actions of The Trustees of Purdue University. Deviation from these policies will require advance written approval by the President of the University.

On each of Purdue's regional campuses, the Chancellor shall be responsible for implementing and administering similar Delegation of Administrative Authority and Responsibility for Information Assurance, Security and Awareness.


Executive Vice President and Treasurer
Vice Presidents
Directors/Department Heads/Chairs
Principal Investigators
Business Office Staff
Administrative and Professional Staff
Clerical and Service Staff
All Employees
Undergraduate Students
Graduate Students


Office of the Provost (765) 494-0665
Office of the Executive Vice President and Treasurer (765) 494-9705
Office of the Vice President for Information Technology (765) 496-2270


November 18, 2011: Policy number changed to WL-4 (formerly V.1.1).

September 25, 2008: Contacts updated.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2017 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by University Policy Office

Trouble with this page? Disability-related accessibility issue? Please contact University Policy Office at