Technology Policy Development & Maintenance Standard
Date of Current Revision or Creation: November 1, 2021
The purpose of an Information Technology Standard is to specify requirements for compliance with 圖朸厙 Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this compliance standard is to establish general rules for the adoption of policies, standards, procedures, and guidelines governing the use of information technology resources. In general, rules that are easy to find, read and understand will:
- Maintain accountability and compliance
- Provide faculty, staff and students with clear, concise tools
- Clarify how the University does business
- Promote responsibility and ethical behavior consistent with the University mission
Definitions
Board of Visitors is defined as the governing body of 圖朸厙.
Chief Information Officer (CIO) is an individual appointed by the President responsible for university policies and procedures for acquisition, implementation, documentation and use of information technology resources and for meeting its compliance obligations.
A Guideline is typically a collection of systems or process specific "suggestions" for best practice. They are not requirements to be met, but are strongly recommended practices.
Information Technology is defined as telecommunications, automated data processing, databases, the Internet, management information systems, and related information, equipment, goods, and services.
Information Technology Advisory Council (ITAC) is defined as the institutional committee of faculty and staff charged with the responsibility to advise review and recommend on matters related to information technology.
Minor changes involve topics of limited significance, are unlikely to involve disagreement, and do not change important aspects of the relationship of individuals to the University.
Major changes have either a significant impact on one or more major constituencies or require significant change in the way University units interact. Major changes may include issues of fairness, changes in longstanding means of operation that require major adjustment, or costs for compliance.
Non-substantive changes are not intended to change existing policy, but are made to correct errors, change format, clarifying existing policy, or update contact information
A Policy is typically a concise general statement that outlines requirements or rules that must be met, but not how to accomplish them. Policies usually cover a broad topic, its application throughout the organization, and mandatory. One policy may have several standards, procedures or guidelines.
A Procedure is typically a detailed step-by-step process that shows how to comply with or satisfy a standard. Procedures can be associated with forms.
A Standard is typically collections of systems or processes with specific controls or requirements that must be met by everyone. Standards provide more focus on how to accomplish a policy. Standards are sometimes expressed as defining "statements."
Standards Statement
Technology Policy Development and Maintenance
圖朸厙 faculty, staff and students need ready access to clear and comprehensive technology policies and related information. The authority to establish and approve policy is delegated by the Board of Visitors to selected parties.
Information Technology Services (ITS) is responsible for the formulation and promulgation of policies, standards, procedures and guidelines related to information technology in support of a unified information technology. The Information Technology Advisory Council (ITAC) provides assistance and oversight in administering information technology at the University.
Policies, standards, procedures and guidelines are clearly defined to provide a common understanding of terms. Documents are to be written in an accepted format and formally approved by the responsible party.
New standards and those requiring major changes require review by the responsible party and approval by both the CIO and the ITAC.
Standards and procedures will be reviewed at a minimum of every three years or sooner as a result of an audit finding, a change in state and/or federal laws or regulations or a significant modification as a result of a change in technology or business process.
Procedures, Guidelines & Other Related Information
- None
History
Date |
Responsible Party | Action |
October 2008 | ITAC/CIO | Created |
October 2009 | ITAC/CIO | Reaffirmed |
October 2010 | ITAC/CIO | Reaffirmed |
October 2011 | ITAC/CIO | Reaffirmed |
October 2012 | ITAC/CIO | Reaffirmed |
August 2013 | IT Policy Office | Update department name |
March 2014 | Records Manager | Change to 3 year review |
May 2018 | ITS Policy Office | Reviewed |
November 2021 | ITS Policy Office | Reviewed |