Date post: | 02-Jan-2016 |
Category: |
Documents |
Upload: | samuel-cecil-ryan |
View: | 212 times |
Download: | 0 times |
Policy PicklesPolicy Pickles at Sueme U at Sueme U
Seminars in Academic Seminars in Academic Computing 2005 – Case 5Computing 2005 – Case 5
Case 5 Team
Lavon Frazier, WSU Chris Haile, SUNY at Albany Eileen Heveron, National Brad Hough, Covenant Sem. Pam McQuesten, Cal State
Institution
Comprehensive state institution 17,000+ students
60% commuter, 40% residential 3,000+ faculty and staff Dramatic growth in past 10 years Strong centralized IT Services
Situation
New (first) CIO Generally good IT infrastructure Isolated complaints about IT
related problems Minimal IT policies in place CIO recognizes seriousness of
situation
CIO’s Assessment
General IT policies in place, but even those are loose• No signature required on AUP• Passwords changes not required• No rules for use of services (e.g.,
mass emails by all, private servers) Experiencing bandwidth problems
CIO’s Assessment (cont.)
Access to network and data not appropriately controlled• Labs open for public use• Access requests granted by IT staff
Exceptional number of copyright violation notices
Issues of academic freedom
Consultant Findings
CIO’s assessment is valid Situation extends beyond the IT
department to entire campus Policies are inadequate Risk is high
Consultant Findings (cont.)
Existing policy framework will serve the institutional needs• Regular policy review (policy owner
is responsible, at least every 3 years)
• Policies/changes proposed to President’s Cabinet
• Approved by Cabinet and President
Recommendations
Put needed IT policies in place• Create IT Policy Council • Agree on guiding principles• Develop needed policies
Educate university community to gain compliance
IT Policy Council
Representation from every major constituency group• Faculty, staff, and students• University citizens (not technical reps)• Ability to see the big picture
Review and recommend policy and policy changes
May develop institutional standards
Guiding Principles
Policies need to be developed in light of the university’s mission
Institutional data is a strategic asset
Network is a community resource Policies must balance academic
freedom, security, and privacy
Policy Development Priorities
Appropriate Use Policy Data Policy Network Policy Digital Copyright Policy Intellectual Property Policy Web Policy E-mail Policy
Policy Format
Business need for the policy Policy statement itself Complete explanation of policy Consequences for violations Identification of policy owner Appendix with current standards
Policy Enforcement
Clearly state consequences in the policy
Use existing disciplinary procedures based on the person’s role at the institution
Policy Education
Announcement by the President Published on web and in campus
newspaper(s) Reinforced by policy owner
through multiple channels Policy awareness/education as
ongoing IT activity
Action Plans
Take immediate measures to mitigate risk• Build awareness of risk with IT staff to
gain their buy-in for change• Notify President’s Cabinet that CIO is
taking immediate mitigation actions• Tighten IT practices
Conduct review of current departmental issues
Action Plans (cont.)
Begin to educate stakeholders about departmental and institutional issues
Build stakeholder awareness of the problem of lack of policies – Dean’s Council, Faculty Senate, President’s Cabinet, etc.
Review IT policies at peer institutions
Action Plans (cont.)
Gain buy-in from VPs for IT Policy Council
Begin series of regular executive briefings for mid- and senior-level managers