
Hello Colleagues,

 

I am wondering if there is a minimum requirement/benchmark set of IT Policies that should be in place. I’m in the process of reviewing our current IT Policies and reviewing frameworks (COBIT, ITIL), standards (ISO, NIST, etc.) and other resources (SANS, CIS, CERT, ISACA, etc.), but I have not been able to determine what would be a minimum set of policies. If you know of a resource or model set of policies, please let me know so I can compare. Also, if you think that your University has a really good set of policies, I would appreciate getting a link so I can compare.

 

Thanks,

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003-8001

 

Phone: 575-646-5902

Fax: 575-646-5278

 

Email: clobato@nmsu.edu

 

********** Visit the EDUCAUSE Policy website at http://www.educause.edu/policy.

Comments

I think Carlos has made a good point about having a set of policies that achieve a goal. Our policy group is at http://www.oakland.edu/uts/policies

But that is a group of policies and guidelines. What I think we really need to get to is a "unified compliance plan for universities." I still use this article from 2006: http://www.educause.edu/ero/article/unified-approach-information-security-compliance but I think it needs updating. This SANS chart is good, but you have to interpret it for policies: http://www.sans.org/whatworks/applicable_sections.php.

Does anyone have a good current framework to use?

Enjoy the 4th -

Theresa

What is IT Policy? It’s more than security, IMHO. Here are the areas at Wisconsin we think are IT policy:

 

• Identity and Access Mgt.

• IT Resource Management

• Information Networking

• Intellectual Property

• Privacy and Information Security

• Records and Information Mgt.

 

Judy

 

Judy Borreson Caruso

Director, IT Policy and Planning

CIO's Office

University of Wisconsin-Madison

Madison WI 53706

judy.caruso@cio.wisc.edu

608-263-7318

 

 

 

From: EDUCAUSE Policy Discussion Listserv [mailto:POLICY-DISCUSSION@LISTSERV.EDUCAUSE.EDU] On Behalf Of Theresa Rowe
Sent: Tuesday, July 03, 2012 3:10 PM
To: POLICY-DISCUSSION@LISTSERV.EDUCAUSE.EDU
Subject: Re: [POLICY-DISCUSSION] IT Policies ! ! !

 

I think Carlos has made a good point about having a set of policies that achieve a goal. Our policy group is at http://www.oakland.edu/uts/policies

But that is a group of policies and guidelines. What I think we really need to get to is a "unified compliance plan for universities." I still use this article from 2006: http://www.educause.edu/ero/article/unified-approach-information-security-compliance but I think it needs updating. This SANS chart is good, but you have to interpret it for policies: http://www.sans.org/whatworks/applicable_sections.php.

Does anyone have a good current framework to use?

Enjoy the 4th -

Theresa

Several years ago I wrote this EDUCAUSE Review article called “A Framework for IT Policy Development” (http://www.educause.edu/ero/article/framework-it-policy-development).  It wasn’t intended to be a survey of all of the possible policy topics.  Rather, it was an attempt to identify the sources of institutional policies ranging from legal/compliance requirements (e.g., FERPA, HIPAA, etc.) to ethical considerations (e.g., “acceptable use”).  You may also find EDUCAUSE’s attempt to categorize and collect sample policies of some use, see http://www.educause.edu/library/campus-policy-and-law?filters=sm_cck_field_super_facet%3A%22EDUCAUSE%20Library%20Items%22%20tid%3A30384%20tid%3A30363

 

With respect to Information Security Policy, there is a further breakdown according to the ISO 27002 standard here:  https://wiki.internet2.edu/confluence/display/itsg2/Security+Policy+%28ISO+5%29 

 

I look forward to further sharing on the list of how campuses are organizing their IT policies.  I expect that this will be a topic that EDUCAUSE Policy will discuss along with our Campus Policy Working Group to see if we can’t produce further resources.

 

Thanks,

 

-Rodney

 

------------------------------------------------------
Rodney J. Petersen
Managing Director of Washington Office

& Senior Government Relations Officer
EDUCAUSE

 

1150 18th Street, N.W., Suite 900
Washington, D.C. 20036
Office: (202) 331-5368 / Mobile: (301) 523-4763
educause.edu
------------------------------------------------------

 

Get the latest news on higher education IT policy issues and regulations.
Subscribe to the EDUCAUSE Policy bi-monthly Policy Digest.

 

 

 

 

 

Thanks for sharing those resources, everyone.  In Texas, there’s the Texas Administrative Code that pretty much outlines your policies for you.  Part 10 (http://info.sos.state.tx.us/pls/pub/readtac$ext.viewtac?tac_view=3&ti=1&pt=10) addresses the main IT “stuff” and Chapter 202.75(7)  (http://info.sos.state.tx.us/pls/pub/readtac$ext.TacPage?sl=R&app=9&p_dir=&p_rloc=&p_tloc=&p_ploc=&pg=1&p_tac=&ti=1&pt=10&ch=202&rl=75) even lists IT security policies you should have.

 

 

 

Thanks,

Yung

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yung Ng, Director - IT Policy & Planning

TTU Office Of The CIO  -  T: 806.834.5169

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jaj vIghaj!  (Own the day!) – Klingon battle cry

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
