IT Policies


Published in: Technology

  1. IT Policies: What Policies do all IT Organizations need?
     November 2008, OC CIO Roundtable
     Andy King, Exemplis Corporation
  2. Table of Contents
     • Policy Defined
     • Some Reasons for IT Policies
     • Where it Fits in the realm of an IT organization
     • List of IT Policies
     • It looks like we should all have the following policies…
     • Discussion
     • Appendix
         • Example of an IT Policy
     • References
  3. Policy Definition (American Heritage Dictionary)
     • A plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters: As an example, an American foreign policy; the company's personnel policy.
     • A course of action, guiding principle, or procedure considered expedient, prudent, or advantageous: Honesty is the best policy.
     • Prudence, shrewdness, or sagacity in practical matters.
     The American Heritage® Dictionary of the English Language, Fourth Edition. Copyright © 2006 by Houghton Mifflin Company. Published by Houghton Mifflin Company. All rights reserved.
  4. Some Reasons for IT Policies
     • To prevent abuse of IT resources, protect ownership and employees
     • Provide guidelines in decision making with IT management
     • Integrate with corporate governance
     • Meet regulatory, legal, and ethical requirements
  5. Where IT Policies fit in an organization
     • IT Governance Description:
         • Used by Boards of Directors to evaluate, direct, and monitor the use of IT in their organizations
     • IT Policy and Procedures Description:
         • Used to describe specific IT related guidance and steps to conduct work actions and decisions
     • IT Management Description:
         • Used to implement business objectives in IT using direction from CIO/Head of IT, policies, and procedures
  6. Where IT Policies Fit
     Diagram labels: CIO; IT Governance; IT Policies & Procedures; IT Management; Corporate Governance; Company Policies & Procedures
     Caption: A significant cornerstone of the IT framework
  7. List of IT Policies*
     • Security (see next slide for details)
     • Network/Infrastructure
     • Hardware
     • Software
     • Residential Network
     • E-mail
     • External Vendors
     *Northwestern University Policies and Guidelines
  8. Security Policy
     • Data Encryption
     • Asset Disposal
     • Hub/Repeater/Wireless
     • Merchant Card Processing
     • Network Privacy
     • Reporting a Violation
     • Secure handling of social security numbers
     • Use and copying of computer software
     • Use of Computers, Systems, and Networks
  9. List of just about every IT Policy I could find!
     • IT Use Policy for EE’s
     • Internet Acceptable Use
     • Breach of Security Policy
     • Electronic Communication
     • Email List Server
     • Password
     • Server Usage
     • Software Installation
     • Printing
     • VPN
     • Wireless Network
     • General Policy
     • Security
     • Data Encryption
     • Reporting Observed Violations
     • Asset Disposal
     • Point of Sale
     • Secure handling of social security
     • Technology acquisition, development, and deployment of Information Technology
     • Bulk email approval
     • Virus and Spyware
     • External Vendor
     • Visitor Access
     • Anti-Malware
     • Lockdown
     • Privacy
     • Back up and restore
     • E-commerce
     • Domain controller
     • Mobile computing
     • IT management
     • Patch management
     • To ensure support of Business Continuity Planning
     Do you have any others?
  10. Appendix:
     • Policy Examples (see handouts)
         • University of Michigan-Flint
         • The University of Tennessee
         • Murdoch University
         • Yale University
         • Northwestern University (Wow!)
         • Government of Bihar (Interesting)
     • Services/Tools (not an endorsement)
         • AltiusIT
         • BizManualz (
  11. Reference Items:
     • IT Governance Institute
     • The American Heritage® Dictionary of the English Language, Fourth Edition
     • British Standard ISO/IEC 38500:2008; Corporate Governance of information technology
     • Wikipedia: Information Technology Governance
     • ScienceDaily: Obama and McCain’s Technology Policies Examined