Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Filter by type
- Presentations and Seminars [x]
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
EDUCAUSE IT Governance, Risk, and Compliance Program
Governance, risk, and compliance (GRC) issues increasingly pervade higher education information technology. As institutional investment in IT and reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure.
IT GRC programs develop a framework for the leadership, organization, and operation of an institution's IT programs. This framework can be used by IT staff to ensure that their programs support and enable the institution's strategic objectives. The EDUCAUSE IT GRC program provides resources that help you define and implement IT GRC activities on your own campus.
A member advisory board, member working groups, and representatives from complementary organizations advise EDUCAUSE in the development of best practices, toolkits, and case studies. EDUCAUSE-conducted research will benchmark how higher education institutions are currently approaching IT GRC practices. New resources will be added to this page as they are developed.
To learn more or to contribute to the higher education IT GRC body of knowledge, contact us at GRC@educause.edu
- Questions about IT Governance, Risk, and Compliance Answered, EDUCAUSE Review, October 27, 2014. To offer insights into the difficulties and opportunities inherent in IT GRC programs in higher education, the author asked members of the advisory committee to tackle some key questions for EDUCAUSE readers.
- IT Governance, Risk, and Compliance in Higher Education, ECAR Research Study, June 2014. This study benchmarks how higher education institutions are approaching IT GRC practice.
- The Foundations of a High-Performance ITS Organization, EDUCAUSE Live! May 2014. This webinar explores how to develop a framework for an IT strategic planning process and implement it, how to design a governance structure for Project Portfolio Management and implement a PPM model, and how to implement a process to craft vision and mission statements for the organization.
- Supporting Information Governance through Records and Information Management, ECAR Research Bulletin, April 2014. This research bulletin explains how information governance is at the core of a RIM program and how IT interests in information governance can be better supported by having a RIM program.
- Governance, Risk, and Compliance: Why Now? EDUCAUSE Review, December 6, 2013. Governance, risk, and compliance (GRC) programs intend to develop a framework for the leadership, organization, and operation of the institution's IT areas to ensure that those areas support and enable the institution's strategic objectives.
- Speaking the Same Language: Building a Data Governance Program for Institutional Impact, EDUCAUSE Review, December 6, 2013.
- Starting the Conversation: University-wide Research Data Management Policy, EDUCAUSE Review, December 6, 2013.
- Boston University Information Services and Technology Governance Model, October 10, 2013,
- Making the Case for the Information Strategy, ECAR Bulletin. September 6, 2011.
- Leading the Higher Education IT Organization: Six Building Blocks of Success, EDUCAUSE Review, May 31, 2011.
- Making IT Governance Work, ECAR Bulletin, October 5, 2010.
- Decentralized IT Governance and Policy in Higher Education, ECAR Research Bulletin, March 10, 2009.
- Process and Politics: IT Governance in Higher Education, ECAR Research Report, July 21, 2008.
- Queensland University of Technology: Three Generations of IT Governance (and Counting), ECAR Case Study, July 25, 2008.
- Reforming IT Governance at Berkeley: Introducing an Enterprise Perspective to a Decentralized Organization, ECAR Case Study, July 25, 2008
- From 2004-2012 IT governance was in various positions of the EDUCAUSE top ten issues, http://www.educause.edu/educause/visualizations/vis1/index.html
- Developing A Comprehensive Privacy Program: A Step-By-Step Guide, Daniel Solove, NACUA. December 2013
- Leveraging Enterprise Risk Management: Opportunity for Greater Relevance, EDUCAUSE Review, December 6, 2013. Even though enterprise risk management (ERM) engages the entire higher education institution, IT organizations have an opportunity to use ERM to move beyond a services function toward providing strategic value to the institution.
- Learning While Doing: Two Institutions’ Practical IT Risk Management Experiences, ECAR Research Bulletin, July 29, 2013.
- Top-10 IT Issues, Policy Implications, and Managing Risk, EDUCAUSE Blog, June 24, 2013.
- IT Risk Management: Try This Exercise at Your Institution, EDUCAUSE Review Online, June 30, 2013.
- IT Risk Management Poll Results, April 2013.
- Managing IT Risk in Higher Education: A Methodology, ECAR Research Bulletin, March 18, 2008.
For additional resources see the library Items tab on the "Risk Management" page
- New Year, New Challenges: Preparing Your Campus for Data Privacy and Security Issues in the Year Ahead, EDUCAUSE/NACUA Webinar. December 2013.
- Higher Education IT Compliance through the Prism of Risk Controls,EDUCAUSE Review, December 6, 2013. Only through collaborative compliance and risk discussions can appropriate decisions be made about both the everyday activities and the transformative new technologies that are or will be available to the higher education institution of 2020.
- Higher Education Information Security Council, Information Security Guide, Compliance Chapter, EDUCAUSE/Internet2
- Privacy, Security, and Compliance: Strange Bedfellows, or a Marriage Made in Heaven?, EDUCAUSE Review, January 28, 2013.
- The Policy Process Life Cycle, EDUCAUSE Review, March 20, 2009.
- Higher Education Compliance Alliance, was created by the National Association of College and University Attorneys (NACUA), in partnership with thirty other higher education associations, to provide the higher education community with a centralized repository of information and resources for compliance with federal laws and regulations.
For additional resources see the library Items tab on the "Compliance" page
Library Items on this Topic
EDUCAUSE Library Items for IT Governance
- IT Governance: (Re-)Assembling the Packets
January 1, 2004
IT governance concerns not only the anarchic university (on the EDUCAUSE 2004 Top-Ten Current Issues list three times in various guises) but also corporate America. Done wisely, it is a great vehic…
- A Miracle Happens: Reinventing IT Governance at UGA
January 1, 2004
The University of Georgia recently developed a more inclusive IT governance model. Members of the development team learned that process is important, but building relationships and establishing tru…
- Life After Implementation: Governance
January 1, 2004
This presentation is from the 2004 CAMP Directory Workshop. After implementing an enterprise directory service, there are ongoing issues of process, system upgrades, new legal and policy requirem…
- 2003 Annual Gartner-EDUCAUSE Update
January 1, 2003
Higher education CIOs continue to face pressure to do more with less. In this session we will look at how to build strong relationships and an appropriate model for IT governance, how to define and…
- Getting Engaged: Renewing the IT Organization and Its Management in Large Universities
January 1, 2002
This presentation will describe the radical internal reform process that commenced in 1998 and continues through the present to bring about governance and resourcing changes at Queensland Universit…
- Processes for Enterprise-Wide Management of IT Resources
January 1, 2001
This seminar will provide an overview of a broad-based, participative, campus-wide governance structure for making IT decisions. It will present a detailed description of an IT strategic planning a…
- Clair Maple Address: Educational Economics: A New Accountability
January 1, 2001
For centuries, higher education has been characterized by opacity, not transparency. The revolution in technology makes the invisible visible, the intangible tangible, and the opaque transparent. I…
- Management Tips from a Four-Time CIO
January 1, 2001
This session will feature management models and lessons learned that help create successful partnerships with executive officers and other senior managers. We will discuss items important for CIO i…
- Building a Collaborative Web Team in a Distributed Computing Environment
January 1, 2001
What happens when an institution realizes that a Web site is more than an IT project? In 2000, Arizona State University expanded its Web development efforts by promoting inter-unit partnerships and…
- Assessing Your Information Technology Needs
January 1, 2001
In response to a changing educational and technological environment, Chancellor John T. Montford began a strategic initiative to ensure that Texas Tech is positioned to take advantage of the opport…