36.1 The Security Subcommittee of the General Purposes Committee shall consist of:
(1) a Chair, appointed by Council;
(2) the Chair of the Buildings and Estates Subcommittee of the Planning and Resource Allocation Committee, or his or her nominee;
(3) the Chair of the Information Technology Committee, or his or her nominee;
(4) the Chair of the Personnel Committee, or his or her nominee;
(5) the Chair of the Education Committee, or his or her nominee;
(6) the Chair of the Health and Safety Management Subcommittee, or his or her nominee;
(7)-(10) one person appointed by each of the divisional boards;
(11) the Pro-Vice-Chancellor (People and Digital), or his or her nominee;
(12) the Registrar, or his or her nominee;
(13) one person appointed by the Conference of Colleges;
(14) one of the Proctors or the Assessor as may be agreed between them;
(15) one external member with experience in the area of security of large organisations, appointed by Council; and
(16) one student member representative of the Oxford University Student Union, ordinarily a sabbatical trustee.
36.2. Subject to the approval of Council on each occasion, the subcommittee may co-opt up to two additional members, who may be internal or external members.
36.3. The University Marshal, the Chief Information Officer, the Director of Human Resources, the Director of Biomedical Services and the Director of the Safety Office (or their nominees) shall normally be in attendance at the meetings of the subcommittee; other individuals shall be invited to attend as appropriate.
36.4. The subcommittee shall be responsible for overseeing the management of the security risks to the University's staff and students, its infrastructure and its information, and it shall do so in a way that is proportionate to the threats.
36.5. In particular, the subcommittee shall:
(1) develop and maintain a University-wide security policy and framework and co-ordinate the implementation of that policy and framework across the University;
(2) oversee compliance with the University-wide security policy and framework and be responsible for providing assurance to other bodies as necessary;
(3) develop and maintain relevant security strategies to ensure the protection of the University's assets;
(4) at its discretion, consider any particular security threats and security incidents that may arise from time to time, determining what if any special measures should be taken to deal with those threats and incidents and overseeing the provision of any such special measures; and
(5) be responsible for developing and maintaining the University's emergency response processes, its disaster recovery processes and its business continuity framework.