University and IT Policies: Match or Mis-match? Marilu Goodyear, Vice Provost for Information Services and CIO Jenny Mehmedovic, Coordinator of IT Policy.

Slides:

Advertisements

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

Advertisements

Conflict of Interest, Conflict of Commitment, and Outside Activities UTSA HOP 1.33 Non-covered UTSA staff 1.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Security, Privacy, Copyright, and Other Institutional Policy Implications of Online Learning Rodney J. Petersen, J.D. Policy Analyst & Security Task Force.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

I Choose Privacy! Intellectual Freedom: Addressing the Privacy Issue in the Academic Library.

Is it Research?. Is It Research? 2 Elements –The project involves a systematic investigation –The design (meaning goal, purpose, or intent) of the investigation.

Crisis Communications for Security Issues: A Nightmare You Can Manage Marilu Goodyear Donna Liss Allison Rose Lopez Jenny Mehmedovic The University of.

The Collaboration Imperative – Lessons Learned & Next Steps April 29, 2011 AMICAL Conference Beirut, Lebanon Gene SpencerSabrina Pape Gene Spencer ConsultingVassar.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional ISU Alert Carol McDonald Information Systems Leader Information Technology.

A Model for IT Policy Development Marilu Goodyear & Beth Forrest Warner University of Kansas Educause 2001October 29, 2001.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009

Form I-9 Process An Online Training for Supervisors and Designees Presented by Human Resources Revised November 2009.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

FERPA Family Educational Rights and Privacy Act Presented by Bridget Blanshan Interim AVP for Student Affairs & Dean of Students Ext

Copyright Statement © Jason Rhode and Carol Scheidenhelm This work is the intellectual property of the authors. Permission is granted for this material.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, This work is the intellectual property.

NLII Mapping the Learning Space New Orleans, LA Colleen Carmean NLII Fellow Information Technology Director, ASU West Editor, MERLOT Faculty Development.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Tales from the Trenches Copyright Long, Mitrano, McGovern, and Orr, This work is the intellectual property of the authors. Permission is granted.

So You Want to Switch Course Management Systems? We Have! Come Find Out What We’ve Learned. Copyright University of Okahoma This work is the intellectual.

1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

1 Outsourcing Student & Other Collaboration Services Wendy Woodward Director, Technology Support Services Copyright Wendy Woodward This work.

Intellectual Property Protocol and Assessment for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the.

1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

Ten Thing IT Staff Need to Know About Education Records Privacy Ten Things IT Staff Need to Know About Education Records Privacy Jeff von Munkwitz-Smith.

HumaniTech®: Educause, Seattle October 24, 2007 Bridging Divides, Building Collaborations

February 22, Southwest Educause Conference 1 Copyright Rebecca Frost Davis, This work is the intellectual property of the author. Permission.

The Family Educational Rights and Privacy Act FERPA Tutorial online:

Managing Intellectual Property for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the University System.

Office of Information Technology Balancing Technology and Privacy – the Directory Conundrum January 2007 Copyright Barbara Hope and Lori Kasamatsu 2007.

Value & Excitement University Technology Services Oakland University Information Technology Strategic Planning Theresa Rowe October 2004 Copyright Theresa.

NERCOMP 2002 Ten Things IT Staff Need to Know About Education Records Privacy Jeff von Munkwitz-Smith University Registrar University of Connecticut.

Stewardship of the Information Commons: Cultural, Service, and Operational Issues Stephen R. Acker The Ohio State University Copyright Stephen R. Acker,

The Real At Risk E-Content: University Web Resources EDUCAUSE Joanne Kaczmarek University of Illinois at Urbana-Champaign Taylor Surface OCLC October 12,

RESPONSIBLE CONDUCT IN HUMAN SUBJECTS RESEARCH MARGARITA M. CARDONA DIRECTOR OF SPONSORED RESEARCH Institutional Review Board.

Policy and IT Security Awareness Amy Ginther Policy Develoment Coordinator University of Maryland Information Technology Security Workshop April 2, 2004.

Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.

Higher Education PKI Summit Meeting August 8, 2001 The ABA PAG Rodney J. Petersen, J.D. Director, Policy and Planning Office of Information Technology.

Joint Committee of the Higher Education and Entertainment Communities John C. Vaughn Executive Vice President Association of American Universities November.

Cyberethics, Cybersafety, and Cybersecurity (C3): Implications for the Classroom Teacher Amy Ginther Project NEThics Director; Policy Develoment Coordinator.

Model Approaches to IT Policy Development EDUCAUSE Pre-Conference Seminar 05A, October 19, 2004 Amy Ginther, Coordinator of Policy Development and Education,

Search Committee Orientation. Housekeeping Restrooms Emergency Exits Please set Cell Phone to Silent 2.

DOC Web Policies & Best Practices Jennifer Hammond NOAA Research WebShop 2002 August 7, 2002.

Tough Times and Hard Decisions – Thinking Strategically About IT The CIO – What Lies Ahead? Gordon Wishon, CIO, University of Notre Dame 2003 SAC Executive.

Copyright [Dr. Michael Hoadley, Chat Chatterji, and John Henderson ] [2004]. This work is the intellectual property of the authors. Permission is granted.

Fulfilling the Potential of Academic Advising: Engaging Faculty Advisors Maura Reynolds Hope College, Holland MI The Global Community for Academic Advising.

Integration is Critical for Success Curriculum Course Delivery Ongoing Support Instructor & Learner.

1 Effective Incident Response Presented by Greg Hedrick, Manager of Security Services Copyright Purdue University This work is the intellectual property.

ITCC / IT Retreat Data Access Procedure December 10, 2009 Karl F. Lutzen Information Security Officer.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

Promoting Copyright Education and Compliance on Campus Copyright Basics: Utilizing Available Tools and Resources Educause SouthWest Regional Conference.

EDUCAUSE 2003 Copyright Toshiyuki Urata 2003 This work is the intellectual property of the author. Permission is granted for this material to be shared.

1 Top 10 Challenges of the Academic Technology Community John P. Campbell & Dennis A. Trinkle EDUCAUSE Live! Monday, May 21, :00-2:00 PM Copyright.

Educause Live! August 3, USA PATRIOT Act and Beyond: How Higher Education Institutions and Libraries are Cooperating and Coping Marilu Goodyear CIO.

2007 Carnegie Mellon University 1 Copyright Kelley Anderson and Mary L. Pretz- Lawson, This work is the intellectual property of the authors. Permission.

EDUCAUSE/Internet2 Computer & Network Security Task Force Update Dan Updegrove VP for IT, University of Texas at Austin Task Force Co-chair Tempe,

Bringing it All Together: Charting Your Roadmap CAMP: Charting Your Authentication Roadmap February 8, 2007 Paul Caskey Copyright Paul Caskey This.

NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.

© Scottsdale Community College Leveraging the Power of E-Learning Taking your course to a higher level Presented by Sidne Tate Director, Instructional.

Top 10 Challenges of the Academic Technology Community Veronica Diaz, John Campbell, Dennis Trinkle Wednesday, October 24, :50 p.m. - 4:40 p.m.

Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.

Montgomery College Acceptable Use Policy (AUP). 2 This Acceptable Use Policy (AUP) PowerPoint presentation was developed by the Office of the Information.

Ed Barboni, Senior Advisor, Council of Independent Colleges

Presentation transcript:

University and IT Policies: Match or Mis-match? Marilu Goodyear, Vice Provost for Information Services and CIO Jenny Mehmedovic, Coordinator of IT Policy & Planning University of Kansas

Educause Southwest February Copyright Marilu Goodyear, Jenny Mehmedovic [2005]. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Educause Southwest February Why are policies created? To reflect the philosophies, attitudes, or values of an organization related to a specific issue/problem

Educause Southwest February Elements of Policy-making in a Higher Ed Environment Problem to be addressed: Misbehavior - reactive Organizational change - reactive Significant liability assessed- proactive Institutional influences on policy development: Values related to that problem held by the institution/university Stakeholders (all those in some way responsible for or affected by the policy) External influences: Legislative Regulatory Public policy

5 Institutional Influences: Core Academic Values Community: shared decision making; outreach to connected communities (access to affiliates or other patrons) Autonomy: academic and intellectual freedom; distributed computing Privacy: “the right to open inquiry without having the subject of one’s interest examined or scrutinized by others” (American Library Association, 2002) Fairness: due process From Oblinger, Computer and Network Security in Higher Education, Mark Luker and Rodney Petersen, editors.

Educause Southwest February Influences: EDUCAUSE/Internet2 Principles Civility and Community Academic and Intellectual Freedom Privacy and Confidentiality Equity, Diversity and Access Fairness and Process Ethics, Integrity and Responsibility EDUCAUSE and Internet2 Computer and Network Security Task Force, “Principles to Guide Efforts to Improve Computer and Network Security for Higher Education,” August 2002; available at

Educause Southwest February Policy Life Cycle 1. Setting the stage for policy development 2. Writing the policy 3. Approving the policy 4. Distributing the policy 5. Educating the community about the policy 6. Enforcing the policy 7. Reviewing the policy at regular intervals

Educause Southwest February Policy Development Process with Best Practices (ACUPA)

Educause Southwest February University Policy or IT Policy? How do you know? Who is audience (“scope”)? Institution? Campus? Department/school/unit? Users of a service? Subset of a population by status? Who writes it? Who approves it?

Educause Southwest February Power Relationships: Who has control of the policy process on your campus? Understand who makes decisions Probably somehow related to faculty Probably somehow related to the Chief Financial Officer Determine “orientation” of the power players; particularly academic discipline Determine who influences the power players

Educause Southwest February Identifying Stakeholders Determine who is interested Determine who is already working in the area Determine who has to “sign on” to get the policy approved Form a stakeholders group to work on the concepts (not the writing)

12 Identified Stakeholders

Educause Southwest February Ensure Stakeholders are Informed Begin discussions by: Identifying why the policy is needed, what problem it is solving, what value it is expressing Understanding underlying legal foundations and related policies Providing examples of circumstances that require the policy

Educause Southwest February Case Study: Setting the Stage for a Privacy Policy Stakeholder discussions Provide research on the concern of electronic users with privacy; Gallup Poll Ask participants to share their own experiences Gain understanding Learn existing campus issues Give some examples from other environments

Educause Southwest February Case Study: Privacy Policy Focus on issues, not semantics Have scenario-based discussions Staff member goes on vacation and there is a change in a conference speaker; supervisor needs access to her computer FBI arrives with court order asking for a engineering faculty members for the last year and his library use records Human Resources calls and wants the IT staff to review a PC of a staff member suspected of using porn during work time

Educause Southwest February Case Study: Privacy Policy “What” is policy. “How” is not. Policy: concise statement of what is general organizational intent re: issue Procedures: detailed statement describing how to accomplish policy; generally mandatory Guidelines: information about how to accomplish a task or goal; not mandatory, but a good idea Checklists: one or more statements, in sequence, dictating how to accomplish a task Standards: established by a recognized authority

Educause Southwest February Case Study: Privacy Policy The Policy Statement Policy: concise statement of what is general organizational intent re: issue The general right to privacy is granted to the extent possible within the electronic environment. Contents should be examined or disclosed only when authorized by the owner, approved by an appropriate University official, or required by law.

Educause Southwest February Case Study: Privacy Policy Procedures that Support the Policy Procedures: detailed statement describing how to accomplish policy; generally mandatory Example: If you are approached by law enforcement in person or by phone with a general request for information, confirm with the investigative agent that release of non-directory information may only occur upon service of a subpoena, search warrant or other court order.

Educause Southwest February Case Study: Privacy Policy Checklists Checklists: one or more statements, in sequence, dictating how to accomplish a task Example: If you are asked by your supervisor to access another staff member’s files, be sure to: Ask the staff member for permission, if possible Ensure the supervisor has obtained approval from the appropriate Vice Provost or Dean for his/her reporting line Maintain documentation of original request and your responses

Educause Southwest February Resources EDUCAUSE/Cornell Institute for Computer, Policy and Law – July Be sure to visit the resource library including links to hundreds of online policies from colleges and universities around the country.resource library Join the listserv! Association of College and University Policy Administrators – regular conference calls Join the listserv! Annual EDUCAUSE conference - October 2005 Preconference offered on Model Approaches to Policy Development, with a Writing Workshop

Educause Southwest February Questions? Marilu Goodyear - goodyear at ku.edugoodyear at ku.edu Jenny Mehmedovic – jmehmedo at ku.edujmehmedo at ku.edu