Policy Update

EDUCAUSE and IT Policy—Adapting to Change, Responsive to Members’ Needs

October 24, 2013—With member input and board guidance, EDUCAUSE “policy” is more clearly defined and more broadly distributed than residing in a single “office.” As IT and its uses in higher education have evolved, so has our approach to the diverse activities that have often been labeled as “policy.” EDUCAUSE IT policy has traditionally consisted of three elements:

  • Federal policy monitoring and response
  • Campus policy support
  • Compliance-related activities

Historically, most of EDUCAUSE’s investment in IT policy work has been at the federal level. Much of that work was focused on the FCC. In the past few years, a broader range of policy issues (federal, campus, and compliance related) have emerged due to information technology. For example, the use of IT to deliver distance education catalyzed the growth of online learning, which has led to a variety of policies and regulations such as state authorization of distance education and questions about accreditation.

Because of the diversity of issues related to information technology and their increasing complexity, EDUCAUSE situates its policy work with in-house and member experts, in the framework that is most effective. A few examples illustrate our approach.

  • The .edu domain policy continues to be a focus. Jarret Cummings leads the .edu team and is based in the Washington office.
  • E-learning is an increasing focus. Those involved in e-learning policy include Malcolm Brown (Director of the EDUCAUSE Learning Initiative), Diana Oblinger (President and CEO), and Jarret Cummings (Director of External Relations). The work involves not only monitoring federal policies and helping with campus policies but also working with other organizations and alliances such as the e-Learning Alliance, accreditors, the U.S. Department of Education, and other associations (e.g., UPCEA and WCET), as well as foundations and think tanks.  
  • Security has been a critical policy area. Our roots are in HEISC (the Higher Education Information Security Council). We recently expanded our relationships, becoming part of SecuriCORE, to ensure that EDUCAUSE and our members are linked directly to the work of the REN-ISAC and Internet2. Rodney Petersen is working with SecuriCORE as Senior Policy Advisor. Joanna Grama, former information security policy and compliance director at Purdue University, is now working with HEISC. In addition, we are building an IT Governance, Risk, and Compliance (GRC) program that will allow us to address a broader range of issues. Grama is leading that program. In addition, ECAR working groups include security in their areas, and the Core Data Service has a module entirely devoted to security.

EDUCAUSE is doing more policy work in ways that are more helpful to members. In the summer we asked EDUCAUSE members what was most valuable to them in various policy areas. The member response was that IT compliance and campus policy activities were the priorities that required additional attention. Shaping federal policy was seen as less valuable.

The EDUCAUSE board has engaged in the evolution of “the Policy Program,” advising that a shift to governance, risk, and compliance is both timely and needed by members. They have explored the various elements of “policy work,” noting that an important element is “external relations,” or interacting with other associations, organizations, and agencies. Earlier this year, we explicitly identified external relations as a focus to ensure IT issues and efforts are well integrated with others. For example, addressing the future of administrative systems is not just an IT issue—it involves functional units, such as finance. Our external relations work involves other associations and joint working groups, such as our administrative systems work with NACUBO.

When members talk about “policy,” they sometimes mean they want to be alerted to new policy and regulatory developments affecting IT. They want to know an issue is on the horizon, how it might affect them, and how to respond, if necessary. To monitor and respond to federal and state policy and regulatory developments, EDUCAUSE is

  • engaging a group of policy professionals to monitor policy developments in strategic areas such as cybersecurity and e-learning policy;
  • continuing the EDUCAUSE Policy Digest, with material from a variety of sources, including EDUCAUSE staff and a new member-editorial team; and
  • establishing an ad hoc Advisory Committee on Legislative and Regulatory Affairs. The committee will consist of 8–12 community members (including CIOs, IT policy officers, IT compliance officers, et al.) who will help EDUCAUSE identify and prioritize the policy issues to monitor and pursue, advise on and assist with responses to particular policy developments, and suggest topics for the Policy Digest.

So, even as EDUCAUSE works to address the community’s IT governance, risk management, and compliance needs, we will maintain an active policy monitoring and response capability.

EDUCAUSE will manage such efforts as it always has—surfacing concerns and convening members and higher education representatives to address them as appropriate. The efficiency and effectiveness gained through engaging professional policy services, guided by member experience and input, will enable EDUCAUSE to expand our previous policy activities to include risk management. Program development is already under way, and EDUCAUSE will provide further updates on both IT-GRC and policy as our work continues.