the development of an institutional it policy process march 18 th, 2008 judith borreson caruso,...
TRANSCRIPT
![Page 1: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/1.jpg)
The Development of an Institutional IT Policy Process March 18th, 2008
Judith Borreson Caruso,Director, Policy and Planning
Gary De Clute,IT Policy Consultant
Copyright (C) 2008 University of Wisconsin Board of Regents
Permission is granted for this material to be shared for non-commercial, educational purposes.
![Page 2: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/2.jpg)
2
"For a policy to be effective in guiding community behaviors, it must reflect the full range of the community's values, must be understood and embraced by community members, and must reinforce the most important values and the mission of the institution as a whole...”
![Page 3: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/3.jpg)
3
“... An effective policy requires campus-wide discussion and the involvement of each of the major constituencies of the community.“
Virginia E. Rezmierski & Aline Soules,EDUCAUSE Review (March/April 2000)
![Page 4: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/4.jpg)
4
Agenda
I. Why do IT policy?II. What is IT policy?III. Creating an IT policy development processIV. Involving the campus communityV. Developing specific policiesVI. Next stepsVII. Lessons learnedVIII. Questions to considerAppendix: Description of the UW-Madison
IT-related Policy Development Process
![Page 5: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/5.jpg)
5
I. Why do IT policy?
• Compliance with outside mandates
• Compelling internal business needs
![Page 6: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/6.jpg)
6
II. What is IT policy?
• Policy with a significant IT component
• Only a few IT policies are purely IT
![Page 7: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/7.jpg)
IT-related Policy Areas at UW-Madison
![Page 8: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/8.jpg)
8
Informal definitions atUW-MadisonPolicy states what people must or must not do.
Are mandatory. Change slowly. Short. Simple. Exceptions are few.
Guidelines are recommendations.
Are optional. More changeable. More complex. Exceptions are many. Can supplement policy.
Procedures document“how to.”
Are implementation details of policy or guidelines. Changeable.
Standards offer criteria for consistency.
Are measurable, have checkpoints. Are validated through a review process.
![Page 9: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/9.jpg)
9
III. Creating an IT policy development process
Five years of exploring strange new worlds
• No campus policy office
• Commitment to inclusive governance
• Commitment to iterative improvement
• Documenting what we’ve learned
![Page 10: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/10.jpg)
10
Why have a process?
• Consistency and predictability –mitigates the fear factor
• Engages the community
• Needs and concerns are addressed
• “What’s the next step?”
![Page 11: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/11.jpg)
11
UW-Madison culture
• Highly decentralized
• Values inclusion of many constituencies
• Minimalist policy tradition
• Skepticism of “central IT”(2/3 of IT staff are not in central IT)
• Governance challenges
![Page 12: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/12.jpg)
12
Initial focus on Authentication and Authorization (AuthN/Z)
• Many policy issues• Already had inclusive campus team to
coordinate project activity• CIO asked team to coordinate AuthN/Z
policy
![Page 13: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/13.jpg)
13
How we created the IT policy development process
• Addressed one cluster of related policy issues at a time, examples:– Campus NetID for student applicants– Appropriate use of campus NetID– Governance of role-based AuthN\Z
• Usually created a sub-team with additional campus representatives
![Page 14: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/14.jpg)
14
Result: Draft IT policy development process
Demonstrated to work, but:
• Unknown to the larger community
• Unrepeatable in practice
• Not comprehensive across policy areas
![Page 15: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/15.jpg)
15
IV. Involving the Campus Community
• Started quarterly IT Policy forums
• Chartered an IT Policy Planning team– Volunteers from campus!
![Page 16: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/16.jpg)
16
IT Policy Forums
Purpose:
1. converse with faculty and staff
2. ensure widespread engagement on specific policies
![Page 17: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/17.jpg)
17
Forum Design• Emphasis: get information
• Short presentations: by campus community
• Small group discussions
• Started with 1 hour, participantswanted 1 ½ hours!
![Page 18: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/18.jpg)
18
IT Policy Planning Team
Goal - Draft a “Plan for IT Policy”:
• short- and long-term strategies
• process and policy priorities
• roles and responsibilities
• institutional governance
![Page 19: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/19.jpg)
Volunteers!Volunteers!
![Page 20: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/20.jpg)
![Page 21: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/21.jpg)
21
IT Policy Process Recommendations
• Long-term / Strategic
• Definitions
• Roles
• Recommendations
• Key Success Factors
• Process description
![Page 22: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/22.jpg)
22
IT Policy Development Plan
• One year / Detailed
• List of “compelling needs”
• Current IT policy initiatives
• Possible new initiatives, prioritized by community
![Page 23: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/23.jpg)
23
Discussion
How is policy developed on your campus?
Who is involved?
![Page 24: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/24.jpg)
24
V. Developing specificIT policies
Key Success Factors:• Compelling need• Strategic alignment• Appropriate sponsorship• Campus buy-in• Appropriate review• Practical implementation
![Page 25: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/25.jpg)
25
A. Compelling Need
• Never policy for policy’s sake• ‘Softer’ solutions are preferable:
education, principles, procedures, guidelines, voluntary compliance
![Page 26: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/26.jpg)
26
Keeping “policy” in perspective
![Page 27: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/27.jpg)
27
“Factors of compelling need”
• Outside mandates?
• Internal business needs?
• Who is affected?
• What are the risks?
• Act now or later?
• Cost effectiveness?
![Page 28: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/28.jpg)
28
B. Strategic Alignment
• Consistent with long-term goals– Proactive whenever possible– Reactive only when necessary
![Page 29: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/29.jpg)
29
C. Appropriate Sponsorship
• High-level support from the beginning– Reinforce/enable staff support– Identify and allocate resources– Encourage compliance
![Page 30: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/30.jpg)
30
D. Campus buy-in
• Inclusive and transparent process– Stakeholder involvement– Both technical and functional staff
• Good communications– Forums– Wiki
![Page 31: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/31.jpg)
31
E. Appropriate review
• Broad and thorough initial review– Review by advisory groups– Endorsement by campus governance
• On-going review and revision– Feedback from the community
![Page 32: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/32.jpg)
32
F. Practical Implementation
• Goal: Ease compliance
• Consider from the start:– Understandable– Enforceable– Available resources– Reduce barriers
![Page 33: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/33.jpg)
33
CIO Involvement is critical
• CIO can help assure:– compelling need– strategic alignment– appropriate sponsorship– campus buy-in– appropriate review– practical implementation
![Page 34: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/34.jpg)
34
• What is “good enough”?– Impact on the institution– Urgency of need– Degree of pre-existing consensus
• Adjust complexity and scope at each step
CIO Involvement
![Page 35: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/35.jpg)
35
Discussion
Policy development at your institution:
1. Examples that went well? Why?
2. Not well? Why?
![Page 36: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/36.jpg)
36
7 steps of development for IT policies at UW-Madison
1. Initiation
2. Elaboration
3. Drafting
4. Endorsement
5. Implementation
6. Compliance
7. Revision
Adapted from IBM’s “Rational Unified Process”
![Page 37: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/37.jpg)
37
Planning a policy initiative
• Retain all 7 steps
• Adjust each according to:– impact on the institution– urgency of need– pre-existing consensus
![Page 38: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/38.jpg)
38
Exploring the issues
1. Initiation – by the CIO after consulting with advisors and governance.
2. Elaboration – by stakeholders who forward desired outcomes and implementation considerations to the CIO.
![Page 39: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/39.jpg)
39
Negotiating policy language
3. Drafting - in consultation with the stakeholders, the CIO, the community, advisors and governance.
4. Endorsement - by governance for issuance by the appropriate executive.
![Page 40: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/40.jpg)
40
Achieving compliance
5. Implementation –both central and distributed departments, guided by CIO
6. Compliance – a departmental responsibility, encouraged by CIO.
7. Revision – feedback from central and distributed departments
![Page 41: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/41.jpg)
41
VII. Lessons Learned
• Learn by doing• Include the community• Focus on one active area• Iterative improvement• Document what works• Patience
![Page 42: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/42.jpg)
42
Importance of Roles
• CIO is central to IT policy
• Stakeholders at all levels:– University governance– Executive leadership and advisors– Operational-level management– Technologists, support staff and users
![Page 43: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/43.jpg)
43
Make it official
• Formalize– Involve the community – Forums, planning team
• Adopt– Position CIO in the coordinating role
![Page 44: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/44.jpg)
44
Specific policy initiatives
• Initiation is most critical step
• Key success factors:– Compelling Need– Strategic Alignment– Appropriate Sponsorship
![Page 45: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/45.jpg)
45
Enable compliance
• Unsupported or impractical policies:– compliance problems– discredit other policy efforts
• Key success factors:– Campus buy-in– Appropriate review– Practical Implementation
![Page 46: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/46.jpg)
46
VI. Next steps atUW-Madison
• Several initiatives in progress
• For new initiatives:– high-level advisory groups– operational management groups
• IT Policy Forums– get input for specific initiatives
• Iterative improvement
![Page 47: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/47.jpg)
47
VIII. Questions to Consider
• What is the policy culture at your institution?
• To what extent do you have:– IT governance in place?– support from executives?
• Who is responsible for:– sponsorship/issuing authority?– monitoring?– compliance?
![Page 48: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/48.jpg)
Thank you!
Judy Caruso, Director of Policy and [email protected] De Clute, IT Policy [email protected]
https://wiki.doit.wisc.edu/ look for:UW-Madison IT Policy (POLICY)
![Page 49: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/49.jpg)
49
Appendix
Description of the UW-MadisonIT-related Policy Development Process
1. Initiation
2. Elaboration
3. Drafting
4. Endorsement
5. Implementation
6. Compliance
7. Revision
![Page 50: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/50.jpg)
![Page 51: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/51.jpg)
51
All seven steps are necessary
• Each step builds on previous steps
• Skipping or skimping generally requires going back and getting it right
• Adjust scope and complexity of each step by considering:
– impact on the institution– urgency of need– pre-existing consensus
![Page 52: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/52.jpg)
52
Step 1. Initiation
• Identify and involve stakeholders
• Create/identify a “Stakeholders Team”(pre-existing teams are more
efficient)
• Careful framing of issues to explore
• Careful definition of deliverables -“desired outcomes and implementation considerations” (not policy language)
![Page 53: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/53.jpg)
53
Step 2. Elaboration
• Explore the issues
• Avoid drafting policy language at this point– wordsmithing consumes a lot of time– language almost always gets changed later
• Optional “Policy Issues Team” to expand representation and bring in
specialized expertise
![Page 54: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/54.jpg)
![Page 55: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/55.jpg)
55
Step 3. Drafting
• Use a good template– Separate policy language (changes slowly)
from implementation (changes quickly)
• Get review and input by stakeholders, CIO, and high-level advisors
• Optional broader vetting– must be genuinely open to input (if not, may
create resistance rather than support)
![Page 56: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/56.jpg)
![Page 57: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/57.jpg)
57
Step 4. Endorsement
• Consult with high-level advisory groups• Formally submit to shared governance
– Usually endorsed by a committee– Sometimes referred to an “executive
committee”– Occasionally referred to the faculty senate
• Keep advisory groups and governance committee informed throughout
![Page 58: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/58.jpg)
![Page 59: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/59.jpg)
59
Step 5. Implementation
• Need to consider from the start:– Practical, makes it easy to comply– Doable with available resources
• Consistent, matches the policy
• Good communications/education
![Page 60: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/60.jpg)
60
6. Compliance
• Need to consider from the start: – Who issues?– Who monitors?– Who enforces?
• Follow up with monitoring
• Continued communications/education
• Enforcement if necessary
![Page 61: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/61.jpg)
![Page 62: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/62.jpg)
62
7. Revision
• Feedback during communications, education, monitoring and enforcement
• Minor revisions are easy: drafting, consultation and endorsement are sufficient
• Major revisions are new policy: use all seven steps, but may be able to make some steps simple and quick
![Page 63: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/63.jpg)
![Page 64: The Development of an Institutional IT Policy Process March 18 th, 2008 Judith Borreson Caruso, Director, Policy and Planning Gary De Clute, IT Policy](https://reader035.vdocument.in/reader035/viewer/2022062804/56649f055503460f94c19bb9/html5/thumbnails/64.jpg)