Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Best practice: IT polices and standards

From: "Dr. Wole Akpose" <wole.akpose () MORGAN EDU>
Date: Sun, 3 Oct 2010 09:37:37 -0400
I noticed you did not ask specifically for IT Security policy. We developed a policy and procedure for handling policy, 
standards etc development. Here’s the link to the document 
http://www.morgan.edu/Documents/Information%20Technology/OSCPolicies-Approved.pdf 

We are currently working on an update to our security policy to address current realities. I can send you a copy of the 
draft of that document if you wish.

Wole Akpose

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hugh 
Burley
Sent: Thursday, September 30, 2010 5:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Best practice: IT polices and standards

 

We are required to comply with an institutional Policy Development and Approval Policy. 
http://www.tru.ca/__shared/assets/policydevelopmentapproval6000.pdf which is quite cumbersome. This has lead me to 
develop standards rather than policy for the majority of the University's Information Security controls.  Overall, the 
standards development and ratification process is much simpler, less time consuming and the resulting information is 
more accessible. http://www.tru.ca/its/infosecurity/Standards.html 

 

The key was developing a Board level Information Security program policy 
http://www.tru.ca/__shared/assets/brd16-115788.pdf that mandates adherence to procedures set by the CIO within a 
governance structure presented by the Information Security Committee.  

 

Regards,

 

 

 

Hugh Burley

Thompson Rivers University
ITS - Senior Technology Coordinator



Information Security Officer
BCCOL - 222D
250-852-6351




Nick Recchia <nprecchia () USFCA EDU> 9/30/2010 11:10 AM >>>

Hello Folks,

My department is currently planning to revamp our IT Policies. We lack consistency and I am striving to create a 
cohesive and uniform style for all IT polices and standards (current and new). 

There are varying ways University IT Policies are configured and structured - some very detailed and others not - I was 
wondering if any of you have a Policy template you find successful and would be willing to share your template. 
Further, perhaps you'd also be willing to share your interpretation of why you find your format success?

I am currently considering to appropriate Cornell University's style, but some aspects may be beyond our departmental 
abilities - note, we do not have a University Policy Office.

Please feel free to contact me direct.

Thank you for your time.

Sincerely,
Nick
-- 
Nicholas Recchia
Security Administrator
ITS - Security Services
 <http://infosec.usfca.edu> infosec.usfca.edu

Previous By Date Next
Previous By Thread Next

Current thread: