The Strategic Enterprise Risk Management and Compliance (SERMC) committee use two approaches to address current or emerging risks that do not have a clearly defined university risk owner.
- Standing committees and teams to monitor, mitigate and respond to risk and vulnerabilities, and
- Workgroups with specially charged workgroups
The approach forges networks and relationships that are critical to leveraging the university's knowledge, expertise, and problem-solving skills to address complex and intertwined risk and safety issues. The process improves senior leadership's situational awareness of campus vulnerabilities and our campuses adaptive capacities to incidents that could impact the ability of the university.
SERMC Workgroups are charged by the committee to review current university policies, procedures, and operations, research promising practices, and develop a set of recommendations for a specific or potential risk or exposure identified by the committee. Workgroups are composed of inter-department management staff, with expertise, knowledge or responsibilities related to the identified risk they are charged to review. Members represent different divisions and units from across the university. Most workgroups are charged to present their findings and next step recommendations to the SERMC Committee within 120 days of the initial charge.
Standing Committees and Teams:
Standing committees or teams have a standing charge to address risk or safety issues on campus. Below is a list of the standing management committees.
- The Campus Vulnerability Assessment Team conducts coordinated, site-specific vulnerability assessments that evaluate safety, security, risk, emergency preparedness, and business continuity and oversees security policies and procedure.
- The Institutional Biosafety Committee was created as a requirement under the NIH Guidelines for Research Involving Recombinant or Synthetic Nucleic Acid Molecules and is responsible for ensuring that the research is conducted in full conformity with the provisions of the NIH Guidelines.
- The Laboratory Safety Committee is delegated primary responsibility for safety in laboratories, including instructional, research, and support workers in laboratories. The committee oversees the development and implementation of the university’s Chemical Hygiene Plan.
- The UO Incident Management Team provides the command and control infrastructure that is required to manage the logistical, fiscal, planning, operational, safety and campus issues related to any and all incidents/emergencies.
- The Data Security Incident Response Team addresses data security issues and oversees the response to data security incidents by collaborating with the data stewards to ensure effective procedures for identifying suspected or actual breaches; overseeing or directly manage university response efforts to incidents involving data or security breaches.
- The Behavioral Evaluation and Threat Assessment Team exists to mitigate behavioral threats on campus through an integrated process of communication, education, prevention, problem identification, assessment, intervention, and response to incidents.
- The Safety Advisory Committee assists the university administration in providing a safe and healthy workplace for faculty, staff, and student workers by making recommendations on health and safety issues in accordance with OAR 437-001- 0765.
- The Radiation Safety Committee is delegated primary responsibility for the safe use of ionizing radiation, including but not limited to instructional, research, and support functions. The committee serves as the administrative body required by state rules and under the conditions of the university’s license for radioactive materials.
- The Payment Card Industry Team was created to reduce the risk of card data breach and to maintain compliance with Payment Card Industry data security standards. The team maintains the UO Payment Card Acceptance Policy and Procedures, oversees an annual PCI risk assessment process, engages a Qualified Security Assessor (QSA), partner with campus merchants, and business, IT and procurement professionals, and oversees the activities of the PCI program coordinator.
- The National Security and Research Committee was created to maintain an ongoing understanding of the regulatory landscape; educate the university community on national laws, policies, and regulations; and develop procedures that enable the advancement of the university mission while maintaining compliance with national laws, policies, and regulations.
- The Information and Communication Technologies Accessibility Committee provides oversight and support for policies and procedures related to access, equity, and inclusion for information and communication technologies. This includes services employing information technology and telecommunications equipment used to support the university's mission. The committee helps to ensure equitable access to the university's increasing digital environment.