Policy Development Theory & Practice: An Emphasis on IT (Webcast, Tuesday, August 16, 2005). Pat Spellacy, Director of Policy & Process.

Presentation transcript:

Policy Development Theory & Practice: An Emphasis on IT
Webcast, Tuesday, August 16, 2005
Pat Spellacy, Director of Policy & Process Development, University of Minnesota

University of Minnesota
- Policy office established September 1993
- Have a policy & a process on developing policy
- Two policy templates (Regents & Administrative)
- Quarterly policy planning meetings
- U-wide Libraries cited as a past success
- Official web site:

The Association of College & University Policy Administrators
Mission: The mission of the group is to explore the "policy process" on college and university campuses as well as to discuss specific policy issues. The mission will be fulfilled through periodic meetings, special events, outreach activities and electronic communications among the membership.
Members: See the Members Directory on the ACUPA web site.

ACUPA Web Site

Policy: Is this it? Cartoon #1: Just Guidelines?

Policy: Is this it? Cartoon #2: Guidelines too wishy-washy?

Policy: Is this it? Cartoon #3: Wally & Mordac

For Real - This is Policy
What is a Policy?
- They state an institutional position.
- They describe mandates, community beliefs and boundaries.
- They should include why and who.
What is a Procedure?
- They tell us how.
- They often include who, what, when and where.
- They are the customary or standard practice way of handling situations.

For Real - This is Policy
Why Are Policies and Procedures Important?
- They establish responsibilities and accountability.
- They help ensure compliance and reduce institutional risk.
- They may be needed to establish and/or defend a legal basis for action.
- They provide clarification and guidance to the community.

Policy Definition References
- “A Framework for IT Policy Development”
- Hierarchy of Legal/Regulatory and Policy Authority
(These links are on the ACUPA web site)

Policy Development Process “Best Practices”

An Overview

Best Practices

Best Practices

Best Practices

U of M Policy Hierarchy
- Federal Level (Constitution, Statutes, Regulations)
- State Level (Charter for U of M (1851), Constitution (1857), Statute, Regulations)
- Internal U Governance
- Regents Bylaws
- Regents Policies
- U-wide or Faculty Senate Policy
- Procedures: Action steps that tell how things are done
- Standard: A level of quality that is required to be followed (supports policy/procedure)
- Guideline: Provides optional guidance for action (supports policy/procedure)
- Campus-wide
- College Constitutions
- College/Administrative Unit Policy
- Department Policy
URL -

U of M Policies Related to IT
- Acceptable Use of Information Technology Resources
- Accessibility of Information Technology
- Administration & Oversight for Protection of Individual Health Information (HIPAA)
- Creating and Revising U-Wide Forms
- Financial Data and Systems Security
- Including a Privacy Statement on U Web Pages
- Internal Access to University Information
- Participating in Discussions on the Portal
- Protection of Individual Health Information
- Protection of Individual Health Information by University Health Care Components (HIPAA)
- Public Access to University Information
- Publishing Information on the World Wide Web
- Use & Disclosure of Individual Health Information for Research Purposes (HIPAA)
- User Authentication for Access to University Computer Resources
- Using Communications Technology to Improve University Processes
- Using as Official Student Communication

U of M IT Standards & Guidelines
Standards (A standard is a level of quality that requires conformity)
- Using Information Technology Resources Standards
- Wireless Access Point Technical Standards 3-02
- Anti-Virus Standards 4-02
- Secure Data Deletion Standard 6-03
- Security Patch Application Standard 1-04
- University Network Standards for Network Security & Operational Continuity 4-04
- Information Technology Support Staffing Standard 4-04
- Securing Private Data Standard 10-04
Guidelines (A guideline is recommended but optional behavior.)
- Critical Server Identification Guideline
- Windows 2000/XP Basic Desktop Security Guidelines
- University Network Management Guidelines 3-01
- Server Security Guidelines 12-03
- Information Technology Support Guidelines 4-04
- Securing Microsoft Domain Controller Guideline 10-04

OIT Comments About Standards & Guidelines
- Permits OIT to react quickly
- Can use guidelines as a starting point that can change
- As time passes and comments are received, it may become a standard
- Avoids the longer policy development process
- IT people like this approach
- Faculty Senate Committee on IT very supportive of this method
For questions contact: Ken Hanna, Office of OIT Security, U of Minnesota

Structure of U-Wide Policy Library
End User Needs
- Web Browser
- Acrobat Reader

IT Role in Policy Development
- Own & maintain IT policies
- Be a resource for policies impacted by IT
- Help the institution develop/purchase/use software to manage policies
- See ACUPA article on status of policy development, “Exploring the Campus Policy Process”

Entering the Reality Zone

New ACUPA Web Site

ACUPA Web Page Features
- Case studies
- Tools for policy development (Templates, web sites & contacts)
- Article on policy development
- List of those willing to advise
- Other resource links

Case Studies

Those Willing to Help

Other Resources

Best Practice Examples Linked to the Policy Development Theory

Examples of Best Practices: Predevelopment
1. Be proactive in issue identification
   - Join ACUPA
2. Identify an owner for each policy
   - UCLA
   - University of California, System

Examples of Best Practices: Predevelopment
Determine the best “Policy Path”
   - Georgia Tech: Policy Process
   - Cornell University: Policy Process
Assemble a team to develop policy

Examples of Best Practices: Development
Agree on common definitions and terms
   - University of California, Berkeley
   - University of Minnesota - Levels and Definitions
Use a common format
   - Arizona State University
   - University of Vermont

Examples of Best Practices: Development
Obtain approval at owner and senior levels
   - Boston College
   - University of California, Berkeley
Plan communication, publicity, and education
   - University of California, Davis
   - University of Minnesota

Examples of Best Practices: Development
Put information online and accessible from one location
   - George Washington University
   - Indiana University
Provide search capability
   - University of California, Davis
   - University of Tennessee

Examples of Best Practices: Maintenance
Develop a plan for active maintenance and review
   - University of Minnesota
Encourage users to provide feedback
   - Arizona State University
   - UCLA

Examples of Best Practices: Maintenance
Archive changes and date new releases with an “Effective Date”
   - James Madison University
   - University of Georgia
Measure outcomes by monitoring or testing

Successes and Benefits of Policy Process

University of Minnesota: Successes and Benefits
- 80% of Non-Regents policies formatted
- We can count our policies, forms & contracts (238, 476, 123)
- All policies have an owner
- People use the Policy Library (10,000 “hits” a month)

University of Minnesota: Successes and Benefits
- People see a managed policy development process
- Policy organization sets the stage for other improvements
- Financial One Stop website: A “How To” for Financial tasks with links to policy, forms, contracts, tools, training, risks, audit results & more.