Date post: | 05-Dec-2014 |
Category: |
Technology |
Upload: | james-sutter |
View: | 6,263 times |
Download: | 1 times |
IT Policies What Policies do all IT Organizations need?
November 2008 OC CIO Roundtable
Andy King, Exemplis Corporation
Table of Contents Policy Defined Some Reasons for IT Policies Where it Fits in the realm of an IT organization List of IT Policies It looks like we should all have the following
policies… Discussion Appendix
Example of an IT Policy References
Policy DefinitionAmerican Heritage Dictionary
A plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters:
As an example, an American foreign policy; the company's personnel policy.
A course of action, guiding principle, or procedure considered expedient, prudent, or advantageous: Honesty is the best policy.
Prudence, shrewdness, or sagacity in practical matters.
The American Heritage® Dictionary of the English Language, Fourth Edition
Copyright © 2006 by Houghton Mifflin Company.
Published by Houghton Mifflin Company. All rights reserved.
Some Reasons for IT Policies To prevent abuse of IT resources, protect
ownership and employees Provide guidelines in decision making with
IT management Integrate with corporate governance Meet regulatory, legal, and ethical
requirements
Where IT Policies fit in an organization IT Governance Description:
Used by Boards of Directors to evaluate, direct, and monitor the use of IT in their organizations
IT Policy and Procedures Description: Used to describe specific IT related guidance
and steps to conduct work actions and decisions
IT Management Description: Used to implement business objectives in IT
using direction from CIO/Head of IT, policies, and procedures
Where IT Policies Fit
CIO
IT Governance
ITPolicies & Procedures
IT Management
Corporate Governance
CompanyPolicies & Procedures
A significant cornerstone of the IT framework
List of IT Policies* Security (see next slide for details) Network/Infrastructure Hardware Software Residential Network E-mail External Vendors
*Northwestern University Policies and Guidelines
Security Policy Data Encryption Asset Disposal Hub/Repeater/Wireless Merchant Card Processing Network Privacy Reporting a Violation Secure handling of social security numbers Use and copying of computer software Use of Computers, Systems, and Networks
List of just about every IT Policy I could find! IT Use Policy for EE’s Internet Acceptable Use Breach of Security Policy Electronic Communication Email List Server Password Server Usage Software Installation Printing VPN Wireless Network General Policy Security Data Encryption Reporting Observed Violations Asset Disposal Point of Sale
Secure handling of social security Technology acquisition, development,
and deployment of Information Technology
Bulk email approval Virus and Spyware External Vendor Visitor Access Anti-Malware Lockdown Privacy Back up and restore E-commerce Domain controller Mobile computing IT management Patch management To ensure support of Business
Continuity Planning
Do you have any others?
Appendix: Policy Examples (see handouts)
University of Michigan-Flint The University of Tennessee Murdoch University Yale University Northwestern University (Wow!) Government of Bihar (Interesting)
Services/Tools (not an endorsement)
AltiusIT BizManualz (www.bizmanualz.com)
Reference Items: http://www.itgi.org/ IT Governance Institute The American Heritage® Dictionary of the English Language, Fourth Edition British Standard ISO/IEC 38500:2008; Corporate Governance of information
technology Wikipedia: Information Technology Governance ScienceDaily: Obama and McCain’s Technology Polices Examined