IT Policy Program

Purpose & Goals of IT Policy

The primary purpose of IT policy is to

• Protect Confidentiality, Integrity, and Availability: Provides a framework to safeguard the University's sensitive data (student, research, and employee information) and its IT resources from unauthorized access, loss, or damage.

• Ensure Legal and Regulatory Compliance: Meets all federal, state, and local laws and regulations concerning data privacy (e.g., FERPA, HIPAA), as well as contractual and copyright obligations.

• Support our Mission and Define Responsible Use: Aligns IT investments and management with the University's core mission and establish clear, ethical guidelines for the responsible use of all IT resources by the community.

Activities

• Policy Development and Strategic Guidance: Identifies campus-wide IT policy needs through analytical studies, develops new policies, and aligns them with the University's overarching operational and strategic goals.

• Stakeholder Engagement and Consensus: Collaborates broadly with campus leadership and stakeholders to gather input and achieve consensus for policy creation and adoption.
• Dissemination and Education: Coordinates the widespread distribution of policies and leads educational initiatives to ensure the University community understands and can adhere to them.

Benefits

• Risk Mitigation and Compliance: Ensures adherence to all legal, regulatory, and UC Systemwide mandates through clear, campuswide policies, significantly reducing risks such as fines, legal issues, and data breaches.

• Strategic Governance and Consistency: Establishes a unified IT policy voice for the CIO, manages the policy roadmap and processes, and aligns IT policies with the University's operational and strategic goals to prevent gaps and inefficiencies.

• Community Awareness and Adoption: Drives successful policy adoption by leading education and dissemination efforts, ensuring the campus community understands its responsibilities and fosters compliance.