Information Technology Security Coordinating Committee

As of December 22, 2011

Department of Commerce

Information Technology Security Coordinating Committee

Charter

This charter establishes the Department of Commerce (DOC), Information Technology Security Coordinating Committee (ITSCC). This group serves as a Department-wide forum for sharing information, addressing issues and making recommendations related to Information Technology (IT) Security responsibilities and activities that affect the Department as a whole. The Office of the Chief Information Officer sponsors the ITSCC.

Purpose

The DOC ITSCC shall provide a forum for discussion of issues, working groups to define and resolve technical IT security problems, and recommendations concerning IT security throughout the Department; and shall serve as a source of continuing education for current IT Security Officers.

The DOC ITSCC shall:

• Meet monthly at a place and time to be determined by the Co-Chair,

• Meet at locations accessible by Metrorail,

• Not schedule meetings for Mondays or Fridays nor on days immediately before or after a holiday, and

• Form ad hoc working groups that shall meet as needed to define and resolve technical IT security issues.

Authority

The DOC ITSCC shall be subordinate to and shall report to the Commerce CIO Council.

Membership

• Membership shall consist of the DOC IT Security Program Manager (ITSPM), DOC IT Security Compliance Officer, DOC Enterprise Security Operations Manager and all operating unit ITSOs. The operating unit (OU) ITSO may designate alternates. An OU ITSO will serve as Co-Chairperson at the discretion of the DOC ITSPM.

• A representative from the Office of Acquisition Management, the Office of Human Resources, the Office of Security, and the Office of the Inspector General may attend as observers.

• The ITSCC shall be chaired by the ITSPM and shall, at the discretion of the Chairperson, have a rotating Co-Chair from each OU wishing to volunteer, with a 6 month commitment.

• At the option of the ITSCC, representatives of other organizations may periodically be invited to attend, observe, and contribute to meetings and activities.

Responsibilities

The Chairperson shall:

• Lead and facilitate meaningful ITSCC meeting discussions and identify ad hoc working group issues, in collaboration, as needed, with the Co-Chairperson,

• Designate the ITSCC Secretariat,

• Approve ITSCC meeting minutes for posting to the ITSCC intranet site, and

• Provide support to the Co-Chairperson as needed when Co-Chairperson is not available.

The Co-Chairperson shall:

• Solicit agenda topics from the ITSOs prior to a scheduled meeting,

• Organize agendas that reflect IT Security priorities and current challenges within DOC and the federal government,

• Work closely with the CIO Council to determine possible areas where ITSCC assistance is needed,

• Schedule half day off-site meetings as appropriate, to review ITSCC priorities, and current efforts, and conduct planning activities.

• Create ad hoc working groups with charters and meaningful assignments,

• Facilitate additional enrichment programs, such as a mentorship program for staff, or rotational assignments between OUs, as appropriate and desired by the group,

• Facilitate presentations of the working groups’ outputs to the CIO Council, and

• Assist the Chairperson as needed.

The Ad Hoc Working Groups shall:

• Be set up as needed to define and resolve IT Security issues.

The Secretariat shall:

• Be appointed by the ITSPM,

• Work with the Chairperson and Co-Chairperson to arrange and organize materials to facilitate discussion by the ITSCC,

• Maintain the ITSCC web site, including a current ITSO list, the ITSCC charter, and ITSCC meeting minutes/action items,

• Send the meeting agenda and pertinent read-ahead material to all ITSCC members at least two days prior to a scheduled meeting,

• Distribute meeting agenda at the meeting and record meeting discussion/action items/ attendance, and

ITSCC members shall:

• Attend ITSCC meetings (ITSOs shall designate an alternate federal employee to attend in their absence),

• Promote discussion of concerns of their specific operating unit,

• Participate actively in all discussions,

• Participate in ad hoc working groups as needed to define and resolve technical IT security problems,

• Use the ITSCC to encourage, stimulate and challenge IT security specialists within their OU to become involved and view the impact each has on the security status of the DOC, as appropriate and desired by the group,

• Notify the other members of the ITSCC of their interest in serving as Co-Chair,

• Disseminate relevant discussions and decisions to the appropriate personnel within their operating unit, and

• Notify other members if non-federal personnel are in attendance at an ITSCC meeting.

Meeting Ground Rules and Agreements

• Meetings shall start at the stated time and shall end no later than adjournment time. A meeting can be extended by consensus. There are clear goals and objectives before a discussion starts - understand and agree on the issue/problem/challenge.

• A quorum shall consist of 50 percent of the operating unit ITSOs (or designated alternate).

• ITSCC discussions are open, honest and direct.

• All ITSCC attendees shall respect each other and work through differences toward common goals and objectives.

• All ideas are permitted.

• One person shall speak at a time while everyone else listens.

• The goal is to reach recommendations through consensus so that most members support the recommendations.

• Recommendations shall be presented to the appropriate authorities by the Chairperson, or ad hoc working group leads.

• Meetings minutes/action items shall be recorded posted on the DOC OCIO ITSIT intranet page.

• Contractors in direct support of federal employee members may attend as determined appropriate by the ITSO with oversight of the contractor.