Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Filter by type
- Agreements or Contracts (2)
- Articles, Briefs, Papers, and Reports (473)
- Bibliography (1)
- Blogs and Wikis (34)
- Books and Monographs (2)
- Certification, Education, Training and Tutorials (12)
- Effective Practices (6)
- Government Documents, Laws, Testimonies or Reports (50)
- Plans and Guidelines (16)
- Policies and Procedures (295)
- Presentations and Seminars (29)
- Programs and Projects (6)
- Surveys (2)
- Tools (13)
- Videos (6)
- Web Sites (10)
Filter by Publications
Filter by Library Taxonomy
- Policy and Law [x]
- Copyright Infringement (155)
- Copyright (132)
- Acceptable and Responsible Use Policies (102)
- Privacy (93)
- Campus Policy and Law (70)
- Security Policies (67)
- Privacy Policies (66)
- Intellectual Property (55)
- Fair Use (54)
- Net Neutrality (54)
- Family Educational Rights and Privacy Act (FERPA) (53)
- Federal Privacy Law (53)
- Cybersecurity Policy (52)
- Cybersecurity (183)
- Information Technology Management and Leadership (91)
- Teaching and Learning (81)
- Infrastructure and Emerging Technologies (58)
EDUCAUSE IT Governance, Risk, and Compliance Program
Governance, risk, and compliance (GRC) issues increasingly pervade higher education information technology. As institutional investment in IT and reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure.
IT GRC programs develop a framework for the leadership, organization, and operation of an institution's IT programs. This framework can be used by IT staff to ensure that their programs support and enable the institution's strategic objectives. The EDUCAUSE IT GRC program provides resources that help you define and implement IT GRC activities on your own campus.
A member advisory board, member working groups, and representatives from complementary organizations advise EDUCAUSE in the development of best practices, toolkits, and case studies. EDUCAUSE-conducted research will benchmark how higher education institutions are currently approaching IT GRC practices. New resources will be added to this page as they are developed.
To learn more or to contribute to the higher education IT GRC body of knowledge, contact us at GRC@educause.edu
- IT Governance, Risk, and Compliance in Higher Education, ECAR Research Study, June 2014. This study benchmarks how higher education institutions are approaching IT GRC practices. (ECAR Subscription Required)
- Leveraging Enterprise Risk Management: Opportunity for Greater Relevance, EDUCAUSE Review, December 6, 2013. Even though enterprise risk management (ERM) engages the entire higher education institution, IT organizations have an opportunity to use ERM to move beyond a services function toward providing strategic value to the institution.
- Learning While Doing: Two Institutions’ Practical IT Risk Management Experiences, ECAR Research Bulletin, July 29, 2013.
- Top-10 IT Issues, Policy Implications, and Managing Risk, EDUCAUSE Blog, June 24, 2013.
- IT Risk Management: Try This Exercise at Your Institution, EDUCAUSE Review Online, June 30, 2013.
- IT Risk Management Poll Results, April 2013.
- Managing IT Risk in Higher Education: A Methodology, ECAR Research Bulletin, March 18, 2008.
- Governance, Risk, and Compliance: Why Now? EDUCAUSE Review, December 6, 2013. Governance, risk, and compliance (GRC) programs intend to develop a framework for the leadership, organization, and operation of the institution's IT areas to ensure that those areas support and enable the institution's strategic objectives.
- The Foundations of a High-Performance ITS Organization, EDUCAUSE Live! May 2014. This webinar explores how to develop a framework for an IT strategic planning process and implement it, how to design a governance structure for Project Portfolio Management and implement a PPM model, and how to implement a process to craft vision and mission statements for the organization.
- Speaking the Same Language: Building a Data Governance Program for Institutional Impact, EDUCAUSE Review, December 6, 2013.
- Starting the Conversation: University-wide Research Data Management Policy, EDUCAUSE Review, December 6, 2013.
- Boston University Information Services and Technology Governance Model, October 10, 2013,
- Making the Case for the Information Strategy, ECAR Bulletin. September 6, 2011.
- Leading the Higher Education IT Organization: Six Building Blocks of Success, EDUCAUSE Review, May 31, 2011.
- Making IT Governance Work, ECAR Bulletin, October 5, 2010.
- Decentralized IT Governance and Policy in Higher Education, ECAR Research Bulletin, March 10, 2009.
- Process and Politics: IT Governance in Higher Education, ECAR Research Report, July 21, 2008.
- Queensland University of Technology: Three Generations of IT Governance (and Counting), ECAR Case Study, July 25, 2008.
- Reforming IT Governance at Berkeley: Introducing an Enterprise Perspective to a Decentralized Organization, ECAR Case Study, July 25, 2008
- From 2004-2012 IT governance was in various positions of the EDUCAUSE top ten issues, http://www.educause.edu/educause/visualizations/vis1/index.html
For additional resources see the library Items tab on the "IT Governance" page
- Higher Education IT Compliance through the Prism of Risk Controls,EDUCAUSE Review, December 6, 2013. Only through collaborative compliance and risk discussions can appropriate decisions be made about both the everyday activities and the transformative new technologies that are or will be available to the higher education institution of 2020.
- Higher Education Information Security Council, Information Security Guide, Compliance Chapter, EDUCAUSE/Internet2
- Privacy, Security, and Compliance: Strange Bedfellows, or a Marriage Made in Heaven?, EDUCAUSE Review, January 28, 2013.
- The Policy Process Life Cycle, EDUCAUSE Review, March 20, 2009.
- Higher Education Compliance Alliance, was created by the National Association of College and University Attorneys (NACUA), in partnership with thirty other higher education associations, to provide the higher education community with a centralized repository of information and resources for compliance with federal laws and regulations.
For additional resources see the library Items tab on the "Compliance" page
Library Items on this Topic
EDUCAUSE Library Items for Risk Management
- University-wide ICT Policies
August 25, 2014
The Univeristy of the West Indies University-wide ICT Policies The Univeristy of the West Indies University-wide ICT Policies …
- IT Security Questionnaire/IT Standards and Requirements Questionnaire
July 14, 2014
The University of Missouri IT Standards and Requirements Questionnaire (ITSRQ), currently in draft form, is predominantly focused on SaaS solutions although it can be readily adapted for other pu…
- Browsing the Web More Securely and More Privately With Firefox On Your Mac
April 28, 2014
This document is meant to help moderately technical users who are security- and privacy-focused make progress toward achieving online security and privacy goals when using an Apple Mac with the M…
- Web Accessibility Toolkit
May 16, 2014
This Association of Research Libraries (ARL) toolkit was created to promote the principles of accessibility, universal design, and digital inclusion. As well as help research libraries achieve di…
- Boston University Data Protection Standards
March 21, 2014
Boston University Data Protection Standards were created with the input and approval of the Information Security and Business Continuity Governance Committee and are intended to help the Unive…
- Columbia University Administrative Policy Library: Computing and Technology
March 21, 2014
Columbia University: Administrative Policy Library Computing and Technology website Columbia University: Administrative Policy Library Comput…
- Northeastern University Security Policies and Programs
March 21, 2014
Northeastern University's Security Policies and Programs website consists of several IT policies e.g., Acceptable Use Policy, Written Information Security Program and Northeastern Univers…
- University of Northern Colorado Information Management and Technology: Standards, Policies & Procedures
March 21, 2014
The University of Northern Colorado provides information technology resources to a large and varied group, including faculty, staff, students and guests. All members of this community are respo…
- Wellesley College Stewardship of Electronic Content Policy
February 27, 2014
The Wellesley College Stewardship of Electronic Content Policy establishes the exceptions to electronic content privacy at Wellesley College, including the retention of and access to electronic…
- Distance Learning, Distant Courtrooms
November 21, 2013
The authors, Luke M. Cornelius and Terence W. Cavanaugh, discuss the issue of distance education legal disputes between institutions in one state and learners in another state or country, where w…