Draft IT Policies "in Circulation"

UPDATE! May 2011.  This policy was approved on May 4, 2011 by the Chief Information Officer. Please check the final version under the "Approved" heading.  This page will be left for a few months for historical purposes.

UPDATED! November 15/10

Major IT Security Incident Management.  This new policy has been drafted and reviewed by the ITSC.  It is now at the 'Circulation Stage'. It was tabled at ISC on June 22nd and presented to ITSIG on September 16th. 

"Last call" for comments on the revised 'Circulation Stage' version of this draft policy (deadline = November 30).

Excerpt from Introduction:   "This Policy defines a standard University-wide process for managing major IT security incidents in advance of their occurrence, and provides guidance in initiating rapid responses and appropriate escalation when a major security incident does occur (or is suspected)."

This Policy provides a definition of "major IT security incidents", charters a ‘standby’ Information Security Incident Coordination Team (ISICT). Appendix 1 documents when the ISICT would be activated and may involve University administration, judicial processes, Campus Community Police, and technical resources.

 A PDF of the draft policy document is available here.  We welcome your feedback!