IT Policies
What Policies do all IT Organizations need?
November 2008
OC CIO Roundtable
Andy King, Exemplis Corporation

Table of Contents
  • Policy Defined
  • Some Reasons for IT Policies
  • Where it Fits in the realm of an IT organization
  • List of IT Policies
  • It looks like we should all have the following policies…
  • Discussion
  • Appendix
  • Example of an IT Policy
  • References

Policy Definition
American Heritage Dictionary
  • A plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters: As an example, an American foreign policy; the company's personnel policy.
  • A course of action, guiding principle, or procedure considered expedient, prudent, or advantageous: Honesty is the best policy.
  • Prudence, shrewdness, or sagacity in practical matters.
The American Heritage® Dictionary of the English Language, Fourth Edition. Copyright © 2006 by Houghton Mifflin Company. Published by Houghton Mifflin Company. All rights reserved.

Some Reasons for IT Policies
  • To prevent abuse of IT resources, protect ownership and employees
  • Provide guidelines in decision making with IT management
  • Integrate with corporate governance
  • Meet regulatory, legal, and ethical requirements

Where IT Policies fit in an organization
  • IT Governance
    Description: Used by Boards of Directors to evaluate, direct, and monitor the use of IT in their organizations
  • IT Policy and Procedures
    Description: Used to describe specific IT related guidance and steps to conduct work actions and decisions
  • IT Management
    Description: Used to implement business objectives in IT using direction from CIO/Head of IT, policies, and procedures

Where IT Policies Fit
[Diagram labels: CIO; IT Governance; IT Policies & Procedures; IT Management; Corporate Governance; Company Policies & Procedures]
A significant cornerstone of the IT framework

List of IT Policies*
  • Security (see next slide for details)
  • Network/Infrastructure
  • Hardware
  • Software
  • Residential Network
  • E-mail
  • External Vendors
*Northwestern University Policies and Guidelines

Security Policy Data Encryption Asset Disposal Hub/Repeater/Wireless  Merchant Card Processing Network Privacy Reporting a Violation  Secure handling of social security numbers Use and copying of computer software Use of Computers, Systems, and Networks
List of just about every IT Policy I could find! IT Use Policy for EE’s Internet Acceptable Use Breach of Security Policy Electronic Communication Email List Server Password Server Usage Software Installation Printing VPN Wireless Network General Policy Security Data Encryption  Reporting Observed Violations Asset Disposal Point of Sale Secure handling of social security  Technology acquisition, development, and deployment of Information Technology Bulk email approval Virus and Spyware External Vendor  Visitor Access  Anti-Malware Lockdown Privacy  Back up and restore E-commerce Domain controller Mobile computing IT management Patch management To ensure support of Business Continuity Planning Do you have any others?
Appendix: Policy Examples (see handouts)
  • University of Michigan-Flint
  • The University of Tennessee
  • Murdoch University
  • Yale University
  • Northwestern University (Wow!)
  • Government of Bihar (Interesting)
Services/Tools (not an endorsement)
  • AltiusIT
  • BizManualz (www.bizmanualz.com)

Reference Items:
  • IT Governance Institute, http://www.itgi.org/
  • The American Heritage® Dictionary of the English Language, Fourth Edition
  • British Standard ISO/IEC 38500:2008; Corporate Governance of information technology
  • Wikipedia: Information Technology Governance
  • ScienceDaily: Obama and McCain’s Technology Policies Examined
