Information Security Compliance Office

The Minerva in front of the oval where Grawemeyer Hall sits

We serve as the university's resource for information security compliance and administer its information security compliance program.

What We Do

The Information Security Compliance Office (ISCO) oversees information security policies and standards; provides compliance oversight and risk assessments; coordinates information security efforts and incident/breach response; and increases user awareness. Reporting through the Office of the Vice President for Risk, Audit, and Compliance, the ISCO works in conjunction with IT Enterprise Security, Audit Services, Institutional Compliance and officials in compliance areas such as GLBA, HIPAA, FERPA, PCI and Research to maintain regulatory compliance and to protect the confidentiality, integrity and availability of university information assets.

Our office is available to consult with you on questions about data regulations, storage or protection of student, employee, research or patient information.

Services and Resources

The primary goal of the information security compliance program is to protect the confidentiality, integrity and availability of university information assets.

Consistent University Information Security policies and supporting standards provide a common approach to compliance, regulatory and operational requirements.

A key component in the success of the University's Information Security Compliance Program is awareness. We provide a variety of awareness and training resources.

Every user of university information resources is responsible for the protection of information assets; certain offices and individuals have very specific responsibilities.

The vendor assessment process helps us ensure the security and protection of information resources, including sensitive data transmitted by, stored by or shared with a third-party vendor.

University of Louisville data is a critical university resource and asset. It often contains sensitive data that requires protections and controls.

Report an Information Security Incident or Data Breach

Information security is everyone's responsibility. To report a violation or suspected information data security incident or data breach, contact the Information Security Compliance Office. To report a cybersecurity incident, contact ITS. You can also anonymously report any compliance violation or suspected incident via the 24-Hour Compliance Hotline at 1-877-852-1167.

Report a data incident or data breach

Call the 24-Hour Compliance Hotline

Report a cybersecurity incident

Contact Us