The Office of the Chief Information Officer has hit the reset button, re-establishing a campus-level information technology policy program after a 10-year gap with no central office function responsible for coordinating policy development and maintenance.

Laura Patterson, chief information officer, has assigned the responsibility for universitywide IT policy development and management to Information and Infrastructure Assurance (IIA), the IT security division of Information and Technology Services. University IT policies apply to all U-M IT resource users, including students, faculty, staff, and sponsored or guest users.

The initial charge by the Office of the CIO was to complete:

• An IT policy framework that documents the U-M policy process, along with the supporting governance structure and institutional accountability.

• A gap analysis of the existing U-M IT policy environment, including benchmarking against comparable U.S. campuses.

During the fall term, campus IT governance bodies, including the IIA Council, IT Council and IT Executive Committee, approved an IT Policy Development and Administration Framework, which specifies the process for drafting new — or revising old — IT policies.

The framework approval allows IIA to start the real work of policy development. This will include a review of existing policies, some of which likely need to be substantially revised or retired. Leading the IT policy effort is Sol Bermann, manager for privacy, IT policy, user advocate and enterprise continuity; Alan Levy is the IT policy and compliance lead.

IIA will coordinate IT policy and its development and dissemination including expanded education to improve campus awareness. It also will conduct reviews of existing policies for continued applicability and effectiveness and serve as the interpreter of current policy related to specific issues, situations, services and incidents across campus.

Several key drivers will help determine IT policy priorities. These include:

• U-M environment: Policies should align to core academic, research, learning and teaching, and administrative missions.

• NextGen Michigan: Policies should support the reinvention of information technology at U-M and respond to emerging technologies.

• Legal and regulatory environment: Policies should be in compliance with all statutory requirements.

• Ten-year-gap: Policies need to be updated to properly account for the decade during which U-M has not had a comprehensive IT policy function.

• Risk environment: Policies should satisfactorily account for an ever-changing array of environmental, technological and operational risks.

• Best practices: Policies should reflect industry and higher education best practices.

Tags:

• archive