Board Policies & Procedures

Cybersecurity and Data Protection Governance

7001 Cybersecurity and Data Protection Governance

This governance framework shall include a steering committee or advisory board comprised of key cybersecurity, data privacy, business administrators, and faculty who shall meet formally and on a regular basis to coordinate cybersecurity efforts, ensure data protection, and align with organizational objectives.

The college's cybersecurity governance framework will include regular oversight reporting and recommendations provided to executive decision-makers on matters deemed material to the organization's cybersecurity and data protection program, ensuring informed decision-making and effective risk management practices.

The college will ensure that cybersecurity policies, standards, and procedures are developed, maintained, and disseminated across the organization to govern the protection of digital assets and data.

The organization shall conduct regular reviews of its cybersecurity and data privacy program, including policies, standards, and procedures, at planned intervals or following significant changes to ensure their continuing suitability, adequacy, and effectiveness.

The college will designate a Chief Information Officer (CIO) with the authority and responsibility to oversee the development, execution, and continuous enhancement of the enterprise-wide cybersecurity and data protection program. The CIO will be equipped with the necessary resources and support from senior management to effectively manage, coordinate, and maintain the program in accordance with established policies and procedures to mitigate cyber risks and protect sensitive information.

The college’s cybersecurity policy shall outline the control objectives as the basis for the selection, implementation, and management of the organization's internal control system in alignment with NIST 800-53r5 controls.

The college shall securely dispose of, destroy, or repurpose system components using organization-defined techniques and methods to prevent information from being recovered from these components.

Adopted Date
09-26-2024