1. Policy Pickles at Sueme U Seminars in Academic Computing 2005 – Case 5

2. Case 5 Team  Lavon Frazier, WSU  Chris Haile, SUNY at Albany  Eileen Heveron, National  Brad Hough, Covenant Sem.  Pam McQuesten, Cal State

3. Presentation Overview  Background  Findings  Recommendations  Action Plans

4. Presentation Overview  Background  Findings  Recommendations  Action Plans

5. Institution  Comprehensive state institution  17,000+ students 60% commuter, 40% residential  3,000+ faculty and staff  Dramatic growth in past 10 years  Strong centralized IT Services

6. Situation  New (first) CIO  Generally good IT infrastructure  Isolated complaints about IT related problems  Minimal IT policies in place  CIO recognizes seriousness of situation

7. CIO’s Assessment  General IT policies in place, but even those are loose No signature required on AUP Passwords changes not required No rules for use of services (e.g., mass emails by all, private servers)  Experiencing bandwidth problems

8. CIO’s Assessment (cont.)  Access to network and data not appropriately controlled Labs open for public use Access requests granted by IT staff  Exceptional number of copyright violation notices  Issues of academic freedom

9. Presentation Overview  Background  Findings  Recommendations  Action Plans

10. Consultant Findings  CIO’s assessment is valid  Situation extends beyond the IT department to entire campus  Policies are inadequate  Risk is high

11. Consultant Findings (cont.)  Existing policy framework will serve the institutional needs Regular policy review ( policy owner is responsible, at least every 3 years) Policies/changes proposed to President’s Cabinet Approved by Cabinet and President

12. Presentation Overview  Background  Findings  Recommendations  Action Plans

13. Recommendations  Put needed IT policies in place Create IT Policy Council Agree on guiding principles Develop needed policies  Educate university community to gain compliance

14. IT Policy Council  Representation from every major constituency group Faculty, staff, and students University citizens (not technical reps) Ability to see the big picture  Review and recommend policy and policy changes  May develop institutional standards

15. Guiding Principles  Policies need to be developed in light of the university’s mission  Institutional data is a strategic asset  Network is a community resource  Policies must balance academic freedom, security, and privacy

16. Policy Development Priorities  Appropriate Use Policy  Data Policy  Network Policy  Digital Copyright Policy  Intellectual Property Policy  Web Policy  E-mail Policy

17. Policy Format  Business need for the policy  Policy statement itself  Complete explanation of policy  Consequences for violations  Identification of policy owner  Appendix with current standards

18. Policy Enforcement  Clearly state consequences in the policy  Use existing disciplinary procedures based on the person’s role at the institution

19. Policy Education  Announcement by the President  Published on web and in campus newspaper(s)  Reinforced by policy owner through multiple channels  Policy awareness/education as ongoing IT activity

20. Presentation Overview  Background  Findings  Recommendations  Action Plans

21. Action Plans  Take immediate measures to mitigate risk Build awareness of risk with IT staff to gain their buy-in for change Notify President’s Cabinet that CIO is taking immediate mitigation actions Tighten IT practices  Conduct review of current departmental issues

22. Action Plans (cont.)  Begin to educate stakeholders about departmental and institutional issues  Build stakeholder awareness of the problem of lack of policies – Dean’s Council, Faculty Senate, President’s Cabinet, etc.  Review IT policies at peer institutions

23. Action Plans (cont.)  Gain buy-in from VPs for IT Policy Council  Begin series of regular executive briefings for mid- and senior-level managers

24. Policy Pickles at Sueme U Questions?