IT Policy Development

1
IT Policy Development

• Presentation to UI Campus IT Leaders Group
• August 27, 2004
• Jane Drews

2
Agenda

• Background
• Team Membership
• Objectives
• Process Changes
• Summary

3
Background

• Delegation of control to CIO for IT policy
  occurred in 2002 (Operations Manual)
• Community consensus process implemented using
  CITL group as primary vehicle
• Focus on documenting desirable behavior rather
  than on compliance and control
• Recognized need to clarify institutional policy,
  scope

4
Team Membership

• Reliable Computing (CIO-037) Project
• Volunteers for the policy effort from CITL survey
  meeting after Reliable Computing group exercises
• Team formed, began meeting March 2004
• Chris Blasen, ITS Enterprise Client Management
  Group
• Jane Drews, UI IT Security Office (chair)
• Nancy Grout, ITS CIO Office
• Maggie Jesse, College of Business
• Barb Kelley, College of Pharmacy
• Tom Kruckeberg, Registrars Office
• Herb Musser, Internal Audit
• Greg Schwartz, VP Research Information Systems
• Paul Soderdahl, University Libraries

5
Team Objectives

• Reviewed (12) task list from CITL comments
• Merged, consolidated, scoped, refined
• Objectives
• Review and Improve IT Policy Development Process
• Update the Network Citizenship Policy, addressing
  enforcement issues
• Define, categorize managed/unmanaged devices

6
Current Policy Process

• Authors
• 1.       Develop working draft proposal with
  sponsorship
• 2.       Present to Campus IT Leaders group for
  review and comments.
• Campus IT Leaders Group
• 1.    Share with constituents for review and
  comment.
• 2.    Prototype policies may be implemented in
  any of the above stages to test the validity and
  practicality of the desired outcome.
• 3.    Final Draft policy approved by consensus
  within Campus IT Leaders group.
• UI Community
• 1.   CIO Office publishes Final Draft to the
  campus policy website for campus review and
  comment period.    
• 2.   Review and final approval by Campus IT
  Leaders, CIO, VPs, General Counsel, and
  President, as necessary.
• 3.   Publish Approved Policies on the campus
  policy site
• 4.   Implementation and compliance issues may be
  performed by a College or local unit, or through
  a campus wide effort, as appropriate.

7
Policy Development Process Problems

• Unclear responsibilities (development, review,
  updates, comments, sharing, etc.)
• Lack of review, reaching consensus, before a
  policy is officially adopted
• Sliding comment periods
• Poor communication channels
• Informal or lack of presentation

8
Changes

• Formal presentation to CITL by Author
• Discussion by CITL after presentation
• Form CITL Policy Subcommittee
• CITL members must provide response,
  acknowledgement, and/or feedback to Policy
  Subcommittee

9
Policy Flow, part 1
10
Policy Flow, part 2
11
Summary

• Formalize the current process without making
  significant changes
• Define and clarify roles and responsibility
  (Author, CITL, CITL-PSC, CIO)
• Ensure all stakeholders involved
• Streamline the review process and period