We all have responsibility for maintaining the security and confidentiality of information resources and must comply with security policies and procedures. Certain individuals, however, have specific information security responsibilities that are established in state directives:

Chief Administrative Officer (President of UTSA) - Establishes and maintains security and risk management programs for information resources at UTSA.

Information Resources Manager (Associate Vice President for Information Technology) - Maintains policies and procedures that provide for security and risk management of information resources.

Information Security Officer - Directs policies and procedures designed to protect information resources (e.g. identifies vulnerabilities, develops Security Awareness Program, etc.).

Owners of Information Resources (Vice Presidents, Associate Vice Presidents, Department Heads) - Responsible for carrying out the program that uses the resources. This does not imply personal ownership. These individuals may be regarded as program managers (e.g. Associate Vice President for Financial Affairs is the owner or "program manager" of financial information).

Custodians of Information Resources (e.g., Directors of Administrative Computing, Technology Support Services, Distance Learning and Telephone Services) - Provide technical facilities, data processing, and other support services to owners and users of Information Resources.

Technical Managers (Network and System Administrators) - Provide technical support for security of information resources.

Internal Auditors - Conduct periodic risk-based reviews of information resources security policies and procedures.

Users - Access University information resources in accordance with the owner defined controls and access rules