1. IT Policy Development Presentation to UI Campus IT Leaders Group
August 27, 2004
Jane Drews
2. Agenda
Background
Team Membership
Objectives
Process Changes
Summary
3. Background
Delegation of control to CIO for IT policy occurred in 2002 (Operations Manual)
Community consensus process implemented using CITL group as primary vehicle
Focus on documenting desirable behavior rather than on compliance and control
Recognized need to clarify institutional policy, scope
4. Team Membership
Reliable Computing (CIO-037) Project
Volunteers for the policy effort from CITL survey meeting after Reliable Computing group exercises
Team formed, began meeting March 2004
Chris Blasen, ITS Enterprise Client Management Group
Jane Drews, UI IT Security Office (chair)
Nancy Grout, ITS CIO Office
Maggie Jesse, College of Business
Barb Kelley, College of Pharmacy
Tom Kruckeberg, Registrar’s Office
Herb Musser, Internal Audit
Greg Schwartz, VP Research Information Systems
Paul Soderdahl, University Libraries
5. Team Objectives
Reviewed (12) task list from CITL comments
Merged, consolidated, scoped, refined
Objectives:
Review and Improve IT Policy Development Process
Update the Network Citizenship Policy, addressing enforcement issues
Define, categorize managed/unmanaged devices
Clarify policy, with more proactive enforcement activities
Revise/strengthen the NCP, adding definitions for categories of devices (centrally managed, locally/unmanaged, vs. poorly managed; also personal machines vs. institutional machines), and enforcement for non-compliance
Connect IT Rep with every user via the directory
Review/revise policy development process
Certification for using the network, or some kind of bill of rights or service level agreements – privacy, reliability, continuity expectations for customers
Balance control of machine (end user versus IT Provider/support)
Review and update security best practices
6. Current Policy Process
Authors
1. Develop working draft proposal with sponsorship
2. Present to Campus IT Leaders group for review and comments.
Campus IT Leaders Group
1. Share with constituents for review and comment.
2. Prototype policies may be implemented in any of the above stages to test the validity and practicality of the desired outcome.
3. Final Draft policy approved by consensus within Campus IT Leaders group.
UI Community
1. CIO Office publishes Final Draft to the campus policy website for campus review and comment period.
2. Review and final approval by Campus IT Leaders, CIO, VP’s, General Counsel, and President, as necessary.
3. Publish Approved Policies on the campus policy site
4. Implementation and compliance issues may be performed by a College or local unit, or through a campus wide effort, as appropriate.
7. Policy Development Process Problems
Unclear responsibilities (development, review, updates, comments, sharing, etc.)
Lack of review, reaching consensus, before a policy is officially adopted
Sliding comment periods
Poor communication channels
Informal or lack of presentation
CITL not aware they are responsible for IT Policy review and approval
Lack of comments regarding policy proposals has been interpreted in some cases as agreement/consensus, or in others has resulted in indeterminate comment periods (i.e., greater than 18 months)
Confusion as to who is supposed to share policy proposals, and with whom.
Some proposals have been presented to CITL, but if you miss the meeting you are never followed up with to ensure you are made aware of a pending review/comment period.
Confusion over –
What is policy and what is a standard. Policy has enforcement vehicle, and standard is a strong suggestion….
Concerns about the methods for reaching consensus since the meetings have been opened up.
Voting members?
Do we implement a workflow application for approval?
Group decided to Keep it Simple. Keep the process as close to the original as possible, with as few changes as we can get by with and still solve the problems.
8. Changes
Formal presentation to CITL by Author
Discussion by CITL after presentation
Form CITL Policy Subcommittee
CITL members must provide response, acknowledgement, and/or feedback to Policy Subcommittee
Require formal presentation by the Author(s) of the policy proposal to CITL group (Must Address: Why is the policy needed, What does it involve/affect/influence/change, & Who is affected)
Initial discussion by CITL after presentation
Is the rationale valid?
Recommend to CIO the groups that need to review the policy
Formal CITL Policy Subcommittee to be formed
CIO appoints 5-6 members
Charged with formal review to distill comments, recommend changes to Author
Recommend to CIO within 90 days for approval/rejection
CITL members are going to be required to provide response, acknowledgement, and/or feedback to CITL-PS.
PS will keep track of responses and contact members for a yea/nay or suggestions to ensure review occurs
9. Policy Flow, part 1
10. Policy Flow, part 2
11. Summary
Formalize the current process without making significant changes
Define and clarify roles and responsibility (Author, CITL, CITL-PSC, CIO)
Ensure all stakeholders involved
Streamline the review process and period