IT policies, standards and associated guidelines are formulated to direct and guide University practices, to help ensure compliance with laws, regulations and requirements, and to assist the University in reaching long-term goals. By establishing specific requirements for all members of the university community, policies and standards connect the university's mission to individual conduct, institutionalize impartial expectations, mitigate institutional risk, and enhance productivity and efficiency in the university's operations.
Tools for Handling Restricted Business Information information technology security program
Policy and Standard Development
Newly created policies and standards, or changes to existing ones, can be triggered by a variety of factors, such as:
- A change in law, rule or regulation
- A weakness in the current structure
- To correct behavior or reduce risk
- An organizational change
- To streamline operations
- A new technical opportunity
- Periodic review and updates
The Information Technology Advisory Committee (ITAC) is appointed by the University and represents various campus constituencies. ITAC is charged with the review of draft policies and standards and assists with the vetting of these proposals. IT standards are reviewed annually by ITAC.
For background or information on these policies, or to provide feedback on drafts, please contact Doug Streit, Director, IT Security, Records and Project Management at firstname.lastname@example.org.
University Policies are statements of management philosophy and direction, established to provide direction and assistance to the university community in the conduct of university mission and objectives. The following University policies address information technology:
- 3500: Use of Computing Resources
- 3501: Information Technology Access Control
- 3502: Information Technology Infrastructure, Architecture, and Ongoing Operations
- 3504: Data Administration Policy
- 3505: Information Technology Security Policy
- 3506: Electronic Communication Policy for Official University Business
- 3507: Information Technology Accesibility Policy
- 3508: Information Technology Project Management
- 3509: Software Decision Analysis Policy
Standards, Procedures and Guidelines
IT Standards specify requirements for becoming compliant with University IT policies, other university policies, as well as applicable laws and regulations. Standards may include technical specifications and are mandatory.
Procedures and guidelines are methods for complying with prescribed standards developed by ITS operational units. These normally include step-by-step instructions and useful or required forms. These procedures and guidelines should be followed to ensure compliance with all standards and policies.
For reasons of security or content, many procedures and guidelines are not published; however, such procedures may be requested and provided upon request from the operational unit. The procedures and guidelines that are published are intended to give direction to system owners, data owners and users in particular situations.