Using information technology is integral to how the university conducts its business. The institution provides direction and guidance regarding the fundamental use of IT on its campuses through the following channels:
• IT policies are mandatory across the university, and articulate the university’s values, principles, strategies and positions relative to a broad set of IT topics. They are designed to guide organizational and individual behavior and decision-making. Policies strive to be concise, high-level and independent of a given technology, and are reflected in the U-M Standard Practice Guide.
• IT standards are mandatory across the university, and specify requirements for becoming compliant with university IT policies, other university policies, as well as applicable laws and regulations. Standards may include technical specifications.
• IT guidelines are not mandatory. However they provide guidance and best practices relative to a particular topic. They may accompany, interpret or offer assistance for implementing policies, other university policies or applicable laws and regulations.
• IT procedures may or may not be mandatory depending on the situation or application. They document how to accomplish specific tasks or use services. Procedures may be localized to reflect the practices or requirements of a specific unit.
The U-M IT Policy Development and Administration Framework documents the policy process the Office of the CIO follows, along with the supporting governance and executive officer review and approval.
Key drivers that determine IT policy priorities include aligning to the university’s academic, research, teaching and learning, clinical and administrative missions; supporting the IT Strategic Plan; addressing legal and regulatory requirements; and responding to environmental, technological and operational risks.