IT Policy Development Process
As approved by ITSC, June 2009.
A complete policy development process articulates the protocols for creating new policies (including a defined practice for consultation, dissemination, approval), and provisions for monitoring/compliance, and periodic review/refresh of existing policies. The following outlines the development phases for new policies from initiation through approval. Policy compliance/monitoring, and periodic review/refresh are outside the scope of this document.
The following process reflects the anticipated regular methodology for new IT policy development. ITSC and the CIO may abbreviate and/or expedite the process when operationally required.
The CIO will table at the Information Technology Steering Committee (ITSC) the goal and objective for proposed new IT policies and recommended updates to existing policies. ITSC will advise the CIO on the priority of the proposed/updated policy for developing an ‘Initial Draft’. The CIO will sponsor and initiate the drafting process by formally assigning the responsibility to an individual or ad hoc group with an expected timeline for response.
2. Initial Draft:
The designated individual/group will conduct sufficient research and consultation with stakeholders and technical experts to craft an ‘Initial Draft’ and suggest a classification as IT policy, standard or guideline. The CIO will table the ‘Initial Draft’ for review and comment by ITSC, prior to publishing and circulating to the university community at large.
Subsequent to ITSC’s comments and recommended revisions to the ‘Initial Draft’, a ‘Circulation Draft’ document will be circulated. Circulation will specifically include the Information Services Council (ISC), IT Special Interest Group (ITSIG), and posting on the CIO’s web-site. Revisions to the ‘Circulation Draft’ will be coordinated by the CIO, recognizing that multiple iterations may be required.
4. Final Draft:
The CIO will liaise with affected academic and administrative stakeholders and the community at large as necessary, prior to submission of a ‘Final Draft’ to ITSIG, ISC, ITSC, VPAC and VPAT for information and comment. ‘Final Drafts’ will be posted for information on the CIO’s web-site. ‘Final drafts’ will include clear accountabilities, monitoring provisions and any required reporting for compliance. A suggested timeline for review/updating will be included.
5. Approved Policy/Guideline:
The finalized document will be submitted for approval by one of the following: Board of Governors, Senate, President, applicable Vice-President, CIO. Following approval, the document will be posted on the CIO’s web-site and suitably advertised/promoted.