Policy categories & major topics

Potential major categories or topics of IT policy framework
(initial list 28 sept 2006 from Jon & Andrew)

Academic Freedom (ref. faculty handbook; libraries)

Intellectual Property: tech transfer; student conduct; acceptable use

Acceptable Use (current policy probably needs to be updated)

User Accounts (allocated quota, bumping quota, extension when terminated/graduated, how early are they set up, etc.)

Standards: Operational (hosts, servers, platforms, etc.); disaster recovery & risk mgmt

Email: spam/phishing

Data Security: (John Kemp/OUS); disaster recovery & risk mgmt; incident reporting

Privacy: update with general counsel; also: FERPA issues, HIPAA, proxy logs, cookies

Records Management & Retention (this is established -- challenge is communication & education

Accessibility (compliance with section 508)

Web Policy and Guidelines: see for example, Web Service models & Policies from other institutions

General (policy development process; policy feedback; consequences/penalties for violations; appeal processes)

See also Joe's running list of higher ed security (& other) IT policies, guidelines, & best practices.