Minutes for Meeting of 27 October 2006

Information Technology Policy Task Force

Meeting of 27 October 2006
9 -10 am, Computing Center rm 185
in attendance:Andrew Bonamici, Jon Miyake, Melinda Grier,
Noreen Hogan, Cleven Mmari, Erin O’Meara, Joe St. Sauver

absent: James Bailey, Randy Geller, Josh Ward

1. Introductions

2. Review Charge & Anticipated Scope of Work
discussion:
a. How will we determine what is “policy” and what is “procedure?” We looked at the BAO policy evaluation guidelines as a potential filter. Also, the Oct 2005 “Computer Use Policy” draft delineates between policy (pages 1 – 5) and “General Guidance” (p 6 – 10), with the intent that the policy sections will undergo relatively little change over time, while the procedural guidelines need to stay flexible in order to accommodate new tachnlogies, new organizational structures, etc.

b. Suggested additions to the “Policy Resources” area:
e-commerce policy (Jon)
OUS security policy [forthcoming?] (Jon)
OUS e-mail policy [forthcoming] (Erin)

3. Communications Plan:
Q: should we use Basecamp for secure TF work, with output posted to public site on uoregon.edu?
A:The committee agreed that this is an acceptable system for communication. [n.b. If task force members have questions about logging in or using the basecamp system, contact Andrew]

4. Review Randy’s “Computer Use Policy” draft:
Andrew gave some background from Randy on the origins of this document. Several years ago, the campus had some litigation in IT-related areas that were apparently not covered by existing policy. This prompted legal affairs to start drafting a more comprehensive policy framework.
Q: This document extends beyond “computer use” per se to encompass web policies, privacy, records policies, etc. Should it be re-named to serve as a starting point overall “IT Policy”?
A: Yes, we can do this.

Q: to what extent does the draft address Task Force charges 1 – 3?
A. we didn’t discuss this specifically

Q: if the TF identifies gaps that are not already addressed in this draft, should they be folded into this policy or should separate policies be developed?
A: let’s assess this case-by-case. One missing element is a policy for IT support of quasi/non-UO entities (Bookstore, UO Foundation, nonprofits, etc.). Also, do we need a section about authorized users who are not part of the UO community (for example, library patrons who are either onsite or accessing library resources over the network)? This is different than a guest account per se.

Q: are there ways of reorganizing elements of the draft for optimal presentation to the community? (see UMN example)
A: We agreed that the document is very long. For the public, each section should be presented separately, since most users will be looking for information on one topic at a time.

Other feedback on the draft:
a. There may be current standard checklists for some categories, so we should identify high-quality examples from other institutions and compare against these to be sure we aren’t missing anything.
b. There is some language in the draft (for example, supervisor access to accounts in the privacy section) that will be of great concern to campus stakeholders and will need to be carefully surrounded with procedural checks and balances.

5. Other agenda items?
Jon is finalizing the itpolicy@lists.uoregon.edu listserv. This will be an unmoderated closed list. Question: do we want the list archive to be public, and linked from our public page?

Sharing the work: Andrew will draft a worksheet to help provide a consistent basis for inventory and review of existing policies. This can include the BAO policy evaluation guidelines to help determine if the item should be treated as a policy or as a procedural guideline.

6. Next Meeting Schedule:
Friday mornings seem best for today’s attendees. We will follow up with e-mail.