Committee on Information Technology Security (CITS)

  • Distribution Group:  [email protected]
  • Contact:  Patrick Phelan
  • Standing Meeting: TBD
  • Materials:  Request with IT Governance contact
  • Chair:  Michael Blum


The Committee on IT Security (CITS) is responsible for oversight of UCSF’s information security program and ensuring alignment between the program and the UCSF’s mission of advancing health worldwide through research, education, and patient care. CITS members represent schools and business units from across the enterprise, providing expert counsel to guide security strategy, assurance, compliance and policy directing reasonable and appropriate actions are taken to protect UCSF electronic information resources. The committee seeks to promote balance between the need for protection and the productivity needs of the UCSF.


CITS’ scope includes matters of information security across the entire UCSF enterprise, including UCSF Medical Center, schools, and administrative areas, as well as affiliates accessing UCSF information resources.


  • Evaluate, author, review, and approve information security policies that address risk and align with applicable federal and state regulations, University of California policy, risk, insurance and compliance requirements
  • Review IT risk management activity across all control points, ensuring activity is in line with UCSF’s security and IT risk management strategies
  • In cases where satisfying business goals would require a significant exception to security policy (an exception that falls outside the established routine exception process), provide arbitration or make a recommendation to the Cyber Risk Responsible Executive.
  • Facilitate communication between UCSF IT Security and the UCSF community
  • Ensure visibility into UCSF’s cybersecurity threats, vulnerabilities, incidents and trends for stakeholders
  • Serve as an advisory group to UCSF’s Cyber Risk Responsible Executive(s)
  • Review matters relating to digital identity and access management where there are security implications
  • Recommend annual investment priorities to UCSF IT Governance Steering Committee (ITGSC)

Membership List

Current Appointee Unit Represented
Michael Blum Committee Chair
Patrick Phelan Information Technology
Joe Bengfort UC Cyber Risk Governance Committee
Tom Poon Privacy Office
Bruce Flynn Risk Management
Sheila Antrum UCSF Health
Barry Naughton UCSF Health
Darnele Wright Legal Affairs
David Odato Human Resources
Irene McGlynn Audit and Advisory Services
Julia Adler-Millstein School of Medicine
Peter Weber School of Nursing
Marley Quirante School of Pharmacy
Rich Trott Library
Jolie Chang Academic Senate
Kevin Yeung Student Academic Affairs
Michael Walker Langley Porter Psychiatric Institute
Lian Sussman Supply Chain Management