Communication Plan

Purpose

The purpose of the communication plan is to inform, request, position, consult, and champion the FAS Data Security Compliance Program.

Communicator Roles

FAS DSCP Analyst | Edel Alon

DSCP Champions | Jane Wong & Cindy Yoxsimer

Communication Plan

Subject Purpose Communicator Stakeholders Messages Delivery Method Frequency Feedback Measures of Success
FAS Data Security Strategy Communicate the value of the DSCP strategy and discuss the actions and plans over the next 3 months. FAS DSCP Analyst/Champions FAS Leadership

Strategy reflecting the direction of the program.

In person Quarterly Qualitative feedback from FAS Leadership Have buy in from senior leadership to push initiatives to system owners.

FAS DSCP Status Updates

Give a general status of the project FAS DSCP Analyst FAS DSCP Core Give a top level view of the status of the project. FAS Data Security Website Web Qualtiative feedback from FAS DSCP Core Core members know what has been done and where we are going.
FAS DSCP Call for Information Gather information about FAS systems that have not been documented. FAS DSCP Analyst/Champions FAS System Owners Message to gather information about systems within the FAS organization. This could be a survey or a targeted email to a specific system owner. Email/Qualtrics/FAS Data Security Website As needed Qualitative feedback from System Owners System owners complete task requested from them.
System Owner Remediation Inform system owner of remediation steps for system. FAS DSCP Analyst System Owners Communicate remediation steps to system owner. Email/Qualtrics As needed Qualitative feedback from System Owners System owners work on remediation steps.
FAS Data Security compiles the status of remediation steps for the system.
Security Policy and Procedure Updates Inform FAS system owners to make sure they are following security procedures and that all system owners and IT staff comply with security related policy changes. FAS DSCP Analyst All FAS Reminder of IT Security to all FAS Email/FAS Data Security Website Quarterly Qualitative feedback from FAS DSCP Core Using the survey to manage feedback and success.
Security Training Reminder of IT Security training requirements. Will audit the report of who has completed the training(s) and report back to managers when needed. FAS DSCP Analyst All FAS Reminder to take mandatory IT training. Email/FAS Data Security Website Quarterly Qualitative feedback from System Users Keeping at 95% completion for all of FAS.

 

Feedback/Measures of Success

A Qualtrics survey will be attached to emails and website requesting feedback on the communication.

Targeted Communications (will backpack on IT Security announcements)

Physical Security Practices
Encryption and Media Handling
Access Management Policies and Procedures
Termination Policies and Procedures
Transmission Security Policies
Business Continuity Plan
Logging & Monitoring Policies & Procedures
Monitoring and Enforcement of Technical Security Safeguards

Templates

PowerPoint templates will adhere to the UCSF Identity Standards found here: http://identity.ucsf.edu/

Communication Review/Workflow

Communications may be reviewed by FAS DSCP Core committee, FAS DSCP Champions, or FAS DSCP Analyst.