Re: Best practice: IT polices and standards

[Kimberly Heimbrock <heimbrockk () NKU EDU>]

I have attached a copy of one of our policies…we began by using the SANS template and tried to keep ours simple but 
comprehensive.    After all, a Policy is only as good as it is known and understood.  Too much  legal jargon and 
everyone skips the message, looking for the “I accept” button  J   We have established several policies now that follow 
the same look, feel, consistency.  Still not sure how many people read / understand / abide by them, which is another 
whole topic altogether!

 

 

Kim Heimbrock

Director, IT Policy and Compliance

Northern Kentucky University

(859) 572-5139 

heimbrockk () nku edu

www.nku.edu

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nick 
Recchia
Sent: Thursday, September 30, 2010 2:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Best practice: IT polices and standards

 

Hello Folks,

My department is currently planning to revamp our IT Policies. We lack consistency and I am striving to create a 
cohesive and uniform style for all IT polices and standards (current and new). 

There are varying ways University IT Policies are configured and structured - some very detailed and others not -  I 
was wondering if any of you have a Policy template you find successful and would be willing to share your template. 
Further, perhaps you'd also be willing to share your interpretation of why you find your format success?

I am currently considering to appropriate Cornell University's style, but some aspects may be beyond our departmental 
abilities - note, we do not have a University Policy Office.

Please feel free to contact me direct.

Thank you for your time.

Sincerely,
Nick
-- 
Nicholas Recchia
Security Administrator
ITS - Security Services
infosec.usfca.edu <http://infosec.usfca.edu>

Attachment: IT SECURITY Policy.doc
Description: IT SECURITY Policy.doc