Policy Pickles at Sueme U Seminars in Academic Computing 2005 – Case 5

Policy PicklesPolicy Pickles at Sueme U at Sueme U

Seminars in Academic Seminars in Academic Computing 2005 – Case 5Computing 2005 – Case 5

Case 5 Team

Lavon Frazier, WSU Chris Haile, SUNY at Albany Eileen Heveron, National Brad Hough, Covenant Sem. Pam McQuesten, Cal State

Presentation Overview

Background Findings Recommendations Action Plans



Institution

Comprehensive state institution 17,000+ students

60% commuter, 40% residential 3,000+ faculty and staff Dramatic growth in past 10 years Strong centralized IT Services

Situation

New (first) CIO Generally good IT infrastructure Isolated complaints about IT

related problems Minimal IT policies in place CIO recognizes seriousness of

situation

CIO’s Assessment

General IT policies in place, but even those are loose• No signature required on AUP• Passwords changes not required• No rules for use of services (e.g.,

mass emails by all, private servers) Experiencing bandwidth problems

CIO’s Assessment (cont.)

Access to network and data not appropriately controlled• Labs open for public use• Access requests granted by IT staff

Exceptional number of copyright violation notices

Issues of academic freedom



Consultant Findings

CIO’s assessment is valid Situation extends beyond the IT

department to entire campus Policies are inadequate Risk is high

Consultant Findings (cont.)

Existing policy framework will serve the institutional needs• Regular policy review (policy owner

is responsible, at least every 3 years)

• Policies/changes proposed to President’s Cabinet

• Approved by Cabinet and President



Recommendations

Put needed IT policies in place• Create IT Policy Council • Agree on guiding principles• Develop needed policies

Educate university community to gain compliance

IT Policy Council

Representation from every major constituency group• Faculty, staff, and students• University citizens (not technical reps)• Ability to see the big picture

Review and recommend policy and policy changes

May develop institutional standards

Guiding Principles

Policies need to be developed in light of the university’s mission

Institutional data is a strategic asset

Network is a community resource Policies must balance academic

freedom, security, and privacy

Policy Development Priorities

Appropriate Use Policy Data Policy Network Policy Digital Copyright Policy Intellectual Property Policy Web Policy E-mail Policy

Policy Format

Business need for the policy Policy statement itself Complete explanation of policy Consequences for violations Identification of policy owner Appendix with current standards

Policy Enforcement

Clearly state consequences in the policy

Use existing disciplinary procedures based on the person’s role at the institution

Policy Education

Announcement by the President Published on web and in campus

newspaper(s) Reinforced by policy owner

through multiple channels Policy awareness/education as

ongoing IT activity



Action Plans

Take immediate measures to mitigate risk• Build awareness of risk with IT staff to

gain their buy-in for change• Notify President’s Cabinet that CIO is

taking immediate mitigation actions• Tighten IT practices

Conduct review of current departmental issues

Action Plans (cont.)

Begin to educate stakeholders about departmental and institutional issues

Build stakeholder awareness of the problem of lack of policies – Dean’s Council, Faculty Senate, President’s Cabinet, etc.

Review IT policies at peer institutions

Action Plans (cont.)

Gain buy-in from VPs for IT Policy Council

Begin series of regular executive briefings for mid- and senior-level managers

Policy Pickles at Sueme UPolicy Pickles at Sueme U

Questions?

Documents

Policy Pickles at Sueme U Seminars in Academic Computing 2005 – Case 5