Purpose & Goals of IT Policy
The primary purpose of IT policy is to:
- Protect Confidentiality, Integrity, and Availability: Provides a framework to safeguard the University's sensitive data (student, research, and employee information) and its IT resources from unauthorized access, loss, or damage.
- Ensure Legal and Regulatory Compliance: Meets all federal, state, and local laws and regulations concerning data privacy (e.g., FERPA, HIPAA), as well as contractual and copyright obligations.
- Support our Mission and Define Responsible Use: Aligns IT investments and management with the University's core mission and establishes clear, ethical guidelines for the responsible use of all IT resources by the community.
Activities
- Policy Development and Strategic Guidance: Identifies campus-wide IT policy needs through analytical studies, develops new policies, and aligns them with the University's overarching operational and strategic goals.
- Stakeholder Engagement and Consensus: Collaborates broadly with campus leadership and stakeholders to gather input and achieve consensus for policy creation and adoption.
- Dissemination and Education: Coordinates the widespread distribution of policies and leads educational initiatives to ensure the University community understands and can adhere to them.
Benefits
- Risk Mitigation and Compliance: Ensures adherence to all legal, regulatory, and UC Systemwide mandates through clear, campuswide policies, significantly reducing risks such as fines, legal issues, and data breaches.
- Strategic Governance and Consistency: Establishes a unified IT policy voice for the CIO, manages the policy roadmap and processes, and aligns IT policies with the University's operational and strategic goals to prevent gaps and inefficiencies.
- Community Awareness and Adoption: Drives successful policy adoption by leading education and dissemination efforts, ensuring the campus community understands its responsibilities and fosters compliance.
