By Jane R. Elgass

Editor’s Note: Subsequent Record articles will detail progress made on the recommendations.

A special Universitywide committee charged last winter by Provost Gilbert R. Whitaker Jr. to explore policies in support of the University’s “electronic community” has released a report detailing a number of recommendations to be considered as the U-M moves from a mainframe to a distributed computing environment.

In response to the provost’s charge, the Information Technology Policy Committee (ITPCSPEC) worked “to determine if existing policies are adequate, have been well promulgated and are currently being effectively implemented,” the report states.

Five major issues underlie the committee’s recommendations:

—The increasingly distributed nature of the University’s information technology environment affects the requirements, configuration, design, and use of hardware and software. There is a parallel need for operating policies and procedures that reflect the unique attributes and “openness” of this environment.

—Because of the dynamic nature of the technology, the laws surrounding its use and the way services are provided, the University’s policies should be as general as possible.

—Policies should be unified in a hierarchical structure. There should be an overall policy subscribed to by all units on all three campuses. Units should in turn, if necessary, have additional policies and procedures that reflect the specific environment or community of interests.

—A major goal of institutionalized policy should be to encourage, if not ensure, collegial behavior, as well as to provide for orderly and equitable provision of services.

—There must be an institutionalized means of clear, consistent and recurrent communication to both users and suppliers of information technology about the nature of the policies, the applicability of federal and state laws to various uses of the technology, the expectations about the security of the systems and levels of service, and the responsibilities of the members of the University community in its use.

Whitaker complimented the committee for its efforts and noted that its “task was an important one that has laid the groundwork for change and increased awareness of the many issues surrounding electronic communication.”

“This is particularly important as we move to a more decentralized approach in the use of electronic resources, and the committee’s efforts will help us create effective policies and procedures campuswide.”

Committee chair Stephen M. Pollock, professor of industrial and operations engineering, is “pleased with the specific set of recommendations the group set forth because they can be followed.”

He also notes that the process the committee went through was almost as important as the product it produced. “Staff in ITD reacted in a very positive way to information gathering, and this was very helpful to us.”

Much of the burden for implementing the recommendations will fall on ITD, headed by Douglas E. Van Houweling, vice provost for information technology.

He notes that the group’s study of the policies “has been extremely useful, very helpful to us as we do a number of things across the University. We have guidance to take the right policy steps that will make maximum beneficial use of the technology.

“I was especially impressed with the committee’s effort and thoughtfulness, and the timely manner in which it completed its work,” Van Houweling says. “The committee has insightfully and knowledgeably focused attention on the realities—both the problems and the opportunities of the future environment—by highlighting important general issues.”

In addition to Pollock, committee members were Daniel E. Atkins III, dean, School of Information and Library Studies; Wendy P. Lougee, head, Graduate Library; Robert W. Moenart, comptroller and director of financial operations; Deborah J. Oakley, professor of nursing; Donald E. Riggs, dean, University Library; Jay T. Runkel, graduate engineering student; Daniel H. Sharphorn, assistant general counsel; Mary Ann P. Swain, who has since left the U-M; Ctirad Uher, LS&A associate dean for research, computing and facilities; Paul R. Vegoda, chief information officer, U-M Hospitals.

Michael D. Cohen, professor of political science and public policy; Seth M. Johnson, graduate student in public policy; and Joan H. Lowenstein, lecturer in communications, served as consultants. Staff support was provided by Virginia E. Rezmierski, ITD assistant for policy studies.

For a copy of the report, call 763-0191.

Recommendations of the ITPC special committee

The six areas Whitaker asked the ITPCSPEC to consider and the group’s recommendations follow.

1. The role of conferencing in research, teaching and social activities, especially the propriety of access to and funding of private electronic conferences for social purposes.

Recommendations:

Conferences for research, teaching and administrative activities should be encouraged and should be funded by appropriate sources.

Conferences to enhance social activities should continue to be made available.

Resources managers should be advised about managing equipment and personnel resources that are allocated to the use and maintenance of conferencing.

Unit managers should be responsible for managing the amount of the unit’s resources allocated to various types of conferencing.

The Guidelines on Effective Conferences should be strengthened by references to relevant portions of the Proper Use Policy.

Each conference should have an organizer responsible for the conference and who participates in the conference, to keep the discussion focused and within the bounds of University policy and guidelines.

A mechanism for registering all conferences should be established.

Conference organizers should be trained in conference management and educated about University policies and guidelines on the use of conferences.

University administrators should not monitor the content of conferences.

2. The current policies governing information technology services provided by ITD and other service units, and mechanisms used to communicate and enforce these policies to the user community.

Recommendations:

The Executive Computing Committee should charge ITPC to develop policies governing the proper use of information technology resources in the distributed environment.

The framework of proper use policies, and additional unit- or service-specific policies if necessary, should be clarified.

An ongoing plan to ensure user awareness should be developed, including strategies to periodically remind individuals of policies and revisions.

The roles and responsibilities of ITD and other unit staff, system administrators, postmasters, etc., should be clarified and documented.

Emergency response capabilities should be developed for the distributed computing environment to ensure system security and stability.

3. Computer access to materials that may be illegal or may violate community standards of expression, and the funding of such access.

Recommendation: Develop and implement a plan to disseminate the policy interpretation and to ensure campus awareness of the issues.

4. Security and privacy of electronic communication. Are units observing appropriate policies and practices to safeguard the communications? Is the community adequately informed of the limits to security and privacy?

Recommendations:

Universitywide discussion is needed to better understand electronic communication and its implications for the ways in which we conduct our business and carry out our institutional mission.

Electronic mail policies should be reviewed and modified, as appropriate, to gain acceptance and adoption.

ITPC should look to procedures for authentication and archiving of electronic communications so that members of the University can conduct business electronically.

Decision on technical aspects of security should weigh carefully the legitimate and competing demands of privacy and access.

5. ITD policies and procedures related to staff access to and use of information technology resources. Are there appropriate policies in place, are they being appropriately administered?

Recommendations:

A unified set of policy statements should be created within ITD and other possible providers to make clear the relationships between policies.

All ITD memos involving policy interpretations, procedural matters should come from an individual.

A management plan is needed to ensure that all ITD employees are aware of and agree to follow policies that apply to them.

Managers should widely distribute policy statements and quickly implement policy revisions.

General Fund money should be used only for “official” business. Social or casual use of computing resources should be limited to appropriate sources.

Access to resources by “alumni” (former students, ITD employees, faculty members, etc.) users should be limited to a designated transition period.

A procedure should be developed for periodically notifying all account holders of the accounts for which they are responsible, and identifying multi-user accounts and those which have shown little or no recent activity.

6. Relationships with external service providers and consultants that support ITD activities.

Recommendations:

A policy on internally-developed products should address the transition from a research or exploratory development project to a real product on which many people depend, the formalities that need to be observed during the transition, responsibilities that should remain with the creator, and responsibilities that should be assumed by University employees.

Criteria need to be developed to determine: when an experimental capability becomes a production system, when a product becomes a critical resource to an appreciable portion of the University community, when the relationship with a developer changes—from student, employee, vendor, etc.

There should be a clear understanding in future agreements concerning the system access rights provided to both internal and external system developers.

The level of accountability expected from specialists who are not employees should be explicitly discussed and agreed to as part of contractual agreements.

Unit policies on contractors and vendors should be consistent with University policy.

Tags:

• archive