Presentation is loading. Please wait.

Presentation is loading. Please wait.

University and IT Policies: Match or Mis-match? Marilu Goodyear, Vice Provost for Information Services and CIO Jenny Mehmedovic, Coordinator of IT Policy.

Published byClaribel Peters Modified over 9 years ago

Similar presentations

Presentation on theme: "University and IT Policies: Match or Mis-match? Marilu Goodyear, Vice Provost for Information Services and CIO Jenny Mehmedovic, Coordinator of IT Policy."— Presentation transcript:

1 University and IT Policies: Match or Mis-match? Marilu Goodyear, Vice Provost for Information Services and CIO Jenny Mehmedovic, Coordinator of IT Policy & Planning University of Kansas

2 Educause Southwest February 2005 2 Copyright Marilu Goodyear, Jenny Mehmedovic [2005]. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

3 Educause Southwest February 2005 3 Why are policies created? To reflect the philosophies, attitudes, or values of an organization related to a specific issue/problem

4 Educause Southwest February 2005 4 Elements of Policy-making in a Higher Ed Environment Problem to be addressed: Misbehavior - reactive Organizational change - reactive Significant liability assessed- proactive Institutional influences on policy development: Values related to that problem held by the institution/university Stakeholders (all those in some way responsible for or affected by the policy) External influences: Legislative Regulatory Public policy

5 5 Institutional Influences: Core Academic Values Community: shared decision making; outreach to connected communities (access to affiliates or other patrons) Autonomy: academic and intellectual freedom; distributed computing Privacy: “the right to open inquiry without having the subject of one’s interest examined or scrutinized by others” (American Library Association, 2002) Fairness: due process From Oblinger, Computer and Network Security in Higher Education, 2003. Mark Luker and Rodney Petersen, editors. http://www.educause.edu/asp/doclib/abstract.asp?ID=PUB7008 http://www.educause.edu/asp/doclib/abstract.asp?ID=PUB7008

6 Educause Southwest February 2005 6 Influences: EDUCAUSE/Internet2 Principles Civility and Community Academic and Intellectual Freedom Privacy and Confidentiality Equity, Diversity and Access Fairness and Process Ethics, Integrity and Responsibility EDUCAUSE and Internet2 Computer and Network Security Task Force, “Principles to Guide Efforts to Improve Computer and Network Security for Higher Education,” August 2002; available at http://www.educause.edu/ir/library/pdf/sec0310.pdf http://www.educause.edu/ir/library/pdf/sec0310.pdf

7 Educause Southwest February 2005 7 Policy Life Cycle 1. Setting the stage for policy development 2. Writing the policy 3. Approving the policy 4. Distributing the policy 5. Educating the community about the policy 6. Enforcing the policy 7. Reviewing the policy at regular intervals

8 Educause Southwest February 2005 8 Policy Development Process with Best Practices (ACUPA)

9 Educause Southwest February 2005 9 University Policy or IT Policy? How do you know? Who is audience (“scope”)? Institution? Campus? Department/school/unit? Users of a service? Subset of a population by status? Who writes it? Who approves it?

10 Educause Southwest February 2005 10 Power Relationships: Who has control of the policy process on your campus? Understand who makes decisions Probably somehow related to faculty Probably somehow related to the Chief Financial Officer Determine “orientation” of the power players; particularly academic discipline Determine who influences the power players

11 Educause Southwest February 2005 11 Identifying Stakeholders Determine who is interested Determine who is already working in the area Determine who has to “sign on” to get the policy approved Form a stakeholders group to work on the concepts (not the writing)

12 12 Identified Stakeholders

13 Educause Southwest February 2005 13 Ensure Stakeholders are Informed Begin discussions by: Identifying why the policy is needed, what problem it is solving, what value it is expressing Understanding underlying legal foundations and related policies Providing examples of circumstances that require the policy

14 Educause Southwest February 2005 14 Case Study: Setting the Stage for a Privacy Policy Stakeholder discussions Provide research on the concern of electronic users with privacy; Gallup Poll Ask participants to share their own experiences Gain understanding Learn existing campus issues Give some examples from other environments

15 Educause Southwest February 2005 15 Case Study: Privacy Policy Focus on issues, not semantics Have scenario-based discussions Staff member goes on vacation and there is a change in a conference speaker; supervisor needs access to her computer FBI arrives with court order asking for a engineering faculty members email for the last year and his library use records Human Resources calls and wants the IT staff to review a PC of a staff member suspected of using porn during work time

16 Educause Southwest February 2005 16 Case Study: Privacy Policy “What” is policy. “How” is not. Policy: concise statement of what is general organizational intent re: issue Procedures: detailed statement describing how to accomplish policy; generally mandatory Guidelines: information about how to accomplish a task or goal; not mandatory, but a good idea Checklists: one or more statements, in sequence, dictating how to accomplish a task Standards: established by a recognized authority

17 Educause Southwest February 2005 17 Case Study: Privacy Policy The Policy Statement Policy: concise statement of what is general organizational intent re: issue The general right to privacy is granted to the extent possible within the electronic environment. Contents should be examined or disclosed only when authorized by the owner, approved by an appropriate University official, or required by law.

18 Educause Southwest February 2005 18 Case Study: Privacy Policy Procedures that Support the Policy Procedures: detailed statement describing how to accomplish policy; generally mandatory Example: If you are approached by law enforcement in person or by phone with a general request for information, confirm with the investigative agent that release of non-directory information may only occur upon service of a subpoena, search warrant or other court order.

19 Educause Southwest February 2005 19 Case Study: Privacy Policy Checklists Checklists: one or more statements, in sequence, dictating how to accomplish a task Example: If you are asked by your supervisor to access another staff member’s files, be sure to: Ask the staff member for permission, if possible Ensure the supervisor has obtained approval from the appropriate Vice Provost or Dean for his/her reporting line Maintain documentation of original request and your responses

20 Educause Southwest February 2005 20 Resources EDUCAUSE/Cornell Institute for Computer, Policy and Law – July 2005 http://www.educause.edu/icpl/ Be sure to visit the resource library including links to hundreds of online policies from colleges and universities around the country.resource library Join the listserv! Association of College and University Policy Administrators – regular conference calls http://process.umn.edu/ACUPA/about/ http://process.umn.edu/ACUPA/about/ Join the listserv! Annual EDUCAUSE conference - October 2005 Preconference offered on Model Approaches to Policy Development, with a Writing Workshop

21 Educause Southwest February 2005 21 Questions? Marilu Goodyear - goodyear at ku.edugoodyear at ku.edu Jenny Mehmedovic – jmehmedo at ku.edujmehmedo at ku.edu

Download ppt "University and IT Policies: Match or Mis-match? Marilu Goodyear, Vice Provost for Information Services and CIO Jenny Mehmedovic, Coordinator of IT Policy."

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Conflict of Interest, Conflict of Commitment, and Outside Activities UTSA HOP 1.33 Non-covered UTSA staff 1.

Conflict of Interest, Conflict of Commitment, and Outside Activities UTSA HOP 1.33 Non-covered UTSA staff 1.
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Security, Privacy, Copyright, and Other Institutional Policy Implications of Online Learning Rodney J. Petersen, J.D. Policy Analyst & Security Task Force.

Security, Privacy, Copyright, and Other Institutional Policy Implications of Online Learning Rodney J. Petersen, J.D. Policy Analyst & Security Task Force.
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
I Choose Privacy! Intellectual Freedom: Addressing the Privacy Issue in the Academic Library.

I Choose Privacy! Intellectual Freedom: Addressing the Privacy Issue in the Academic Library.
Is it Research?. Is It Research? 2 Elements –The project involves a systematic investigation –The design (meaning goal, purpose, or intent) of the investigation.

Is it Research?. Is It Research? 2 Elements –The project involves a systematic investigation –The design (meaning goal, purpose, or intent) of the investigation.
Crisis Communications for Security Issues: A Nightmare You Can Manage Marilu Goodyear Donna Liss Allison Rose Lopez Jenny Mehmedovic The University of.

Crisis Communications for Security Issues: A Nightmare You Can Manage Marilu Goodyear Donna Liss Allison Rose Lopez Jenny Mehmedovic The University of.
The Collaboration Imperative – Lessons Learned & Next Steps April 29, 2011 AMICAL Conference Beirut, Lebanon Gene SpencerSabrina Pape Gene Spencer ConsultingVassar.

The Collaboration Imperative – Lessons Learned & Next Steps April 29, 2011 AMICAL Conference Beirut, Lebanon Gene SpencerSabrina Pape Gene Spencer ConsultingVassar.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional 2008 1 ISU Alert Carol McDonald Information Systems Leader Information Technology.

Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional ISU Alert Carol McDonald Information Systems Leader Information Technology.
A Model for IT Policy Development Marilu Goodyear & Beth Forrest Warner University of Kansas Educause 2001October 29, 2001.

A Model for IT Policy Development Marilu Goodyear & Beth Forrest Warner University of Kansas Educause 2001October 29, 2001.
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.
5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009

5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009
Form I-9 Process An Online Training for Supervisors and Designees Presented by Human Resources Revised November 2009.

Form I-9 Process An Online Training for Supervisors and Designees Presented by Human Resources Revised November 2009.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
FERPA Family Educational Rights and Privacy Act Presented by Bridget Blanshan Interim AVP for Student Affairs & Dean of Students Ext. 4935.

FERPA Family Educational Rights and Privacy Act Presented by Bridget Blanshan Interim AVP for Student Affairs & Dean of Students Ext
Copyright Statement © Jason Rhode and Carol Scheidenhelm. 2006. This work is the intellectual property of the authors. Permission is granted for this material.

Copyright Statement © Jason Rhode and Carol Scheidenhelm This work is the intellectual property of the authors. Permission is granted for this material.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, 2004. This work is the intellectual property.

1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, This work is the intellectual property.

Similar presentations

Ads by Google