Reference in this web site to any specific resources, tools, products, process, service, manufacturer, or company does not constitute its endorsement or recommendation by the U. Government or the U. Department of Health and Human Services. Open Survey. Information Security Policy Template. Resource doc. We have one for our students' BYOD, and quite frankly, every student-owned device blows those requirements away Yeah, this is totally to satisfy an audit comment because basically everything we run could be run on even the cheapest of off the shelf workstations.
But like you said, we need to write it down so we have it. Presumably so they have something to comment on when i forget to update it :P. To continue this discussion, please ask a new question. Lenovo 53, Followers - Follow Mentions Products.
Kyle for Lenovo. Get answers from your peers along with millions of IT pros who visit Spiceworks. In general, any faculty or staff member will be able to provide comments on draft and interim policies, standards, and guidelines on the IT policy web site. Specific stakeholders may be identified and solicited to provide input and review draft documents, while others may be only in the need to inform category.
Students, student groups, and student governments will have opportunities to provide input and feedback on draft policies, standards, and guidelines that deal with student code of conduct amendments or have the potential to impact availability of, or access to, IT resources for students.
Categories of university-wide guidance see Appendix 1 for additional information about these categories :. The IT policy framework will create processes and structures that are consistent with the university Standard Practice Guide, specifically the Procedures for Development of University Policy on the SPG website as they apply to information and information technology policies.
The SPG website maintains in its Policies by Category a section with all current information technology policies. All prospective new IT policies as well as existing IT policies that are being formally reviewed will be highlighted in Policies Under Review. Multiple communication methods and vehicles will be employed to widely disseminate policies, standards, and guidelines, both while under review and after final approval.
Ultimately, this policy framework will result in a process that provides proper scoping, collaborative development, and structured vetting and approval. It applies to university-level guidance including policies, standards, and guidelines. Standards and guidelines require fewer approvals than policies submitted for approval to be added to the SPG catalogue.
An IT Policy Decision Matrix and Decision Tree flow chart are available as planning guides and process reminders for policy development working groups. Both are based on the process flow described below. During the Planning and Initiation step of the IT policy life cycle process, the need for new or updated guidance may be triggered by various issues such as:. The planning process involves stepping through a list of questions to determine whether there is a compelling need for a guidance effort and, if so, what type of guidance policy, standard, guideline needs to be created.
Questions and suggestions for relevant decisions are listed below. This document outlines the decision points to determine if a policy, standard, or guideline is required. Download PDF. Skip to main content. This includes: Coordination of IT policy and underlying development, dissemination, and education Review and analysis of existing policies for continued applicability and effectiveness.
Interpretation of current policy related to specific issues, situations and incidents. Rationale Information technology policies articulate the university's vision, strategy, and principles as they relate to the management and use of information and information technology resources, while supporting core academic, research, and teaching and learning missions.
This university-wide IT policy framework specifies: Structure and criteria for what should be categorized as an IT policy, guideline, or standard A process for initiating, reviewing, approving, and expiring IT policies Ongoing roles and responsibilities associated with IT policy development and maintenance Principles The IT policy structure and process reflect the following principles: Policy work shall be initiated when there is a compelling need for new or revised policy. Triggers may include new technologies, new laws or regulations, or operational or compliance needs that are not appropriately covered by existing policies or guidance.
Policies and guidance shall be credible, implementable, enforceable, and sustainable. Impact analysis on both IT systems and end-users should be included in the policy planning and review processes. Any unit may request consideration of new IT policies or changes to existing policies that apply university-wide; the process to be followed for such consideration is outlined in this IT policy development and administration framework.
IT policy development will be accomplished via individual workgroups convened to address specific topics. Each team will include appropriate subject matter experts.
IA will provide a central coordination function to ensure consistency and to address policy dependencies. The policy development process will be transparent. The policy development process will be flexible.
Circumstances may necessitate the publishing of best practices as a stop-gap to provide immediate guidance while a policy is being developed, vetted, and approved. In other cases, a policy may be established with detailed guidance to be provided at a later time.
University-wide policies should be considered a floor, not a ceiling. Unit-level policies, guidelines, standards, or procedures may be developed to supplement university-wide guidance. They must meet the minimum criteria set forth in university-wide policies and related guidance, but may be more restrictive. Roles and Responsibilities The roles and responsibilities defined below represent the staff positions or groups most directly involved in IT policy development.
The following identifies the different levels of governance review, approval, and vetting of policies, standards and guidelines initially drafted by IT policy development working groups : CISO: Initial review of policies, guidelines, and standards. Stakeholder Involvement Campus stakeholders will be engaged throughout the IT policy development process—in both individual and group settings—to ensure that all appropriate perspectives are accounted for and incorporated as feasible in final versions of new or revised policies, standards, and guidelines.
IT Policy Structure and Criteria Categories of university-wide guidance see Appendix 1 for additional information about these categories : University IT Policies articulate the university's values, principles, strategies, and positions relative to a broad IT topic.
They are designed to guide organizational and individual behavior and decision making. They are concise, high-level, and independent of a given technology. University IT policies are mandatory.
0コメント