Information Technology Governance Policy: Difference between revisions

From Appalachian State University Policy Manual
 
(13 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Policy 916
Policy 901


== Introduction ==
== Introduction ==
Appalachian State University’s Information Technology Services (IT) and information resource needs continually evolve as new challenges, opportunities, and technologies emerge.  The University adopts this policy to:
The needs of the University Information Resources continually evolve as new challenges, opportunities, and technologies emerge.  The purpose of this policy is to define an Appalachian State University (“Appalachian”) Information Technology (“IT”) Governance program that ensures IT solutions are strategically aligned with institutional goals to minimize risk to the University.
#Align our IT governance objectives and comply with the [https://www.northcarolina.edu/apps/policy/index.php?pg=dl&id=299&format=pdf&inline=1 University of North Carolina Information Technology Governance Policy, 1400.1];
#Designate the Chief Information Officer as the position responsible for overseeing the information technology governance program and ensuring the establishment and proper implementation and operation of the information technology governance program framework and principles across all areas of campus IT;
#Outline an IT governance program that ensures information technology solutions are cost effective, strategically aligned with institutional goals, and identify and minimize risk to the institution;
#Encourage information technology collaboration and shared service agreements between the University Information Technology units and staff, and where appropriate, between and among, University of North Carolina institutions and the System Office; and
#Ensure the objectives, information, and standards established within this policy have a broad campus distribution and adoption across all areas of campus IT.


== Scope ==
== Scope ==
2.1 This policy applies to all Appalachian State University employees, students, and affiliates.
This policy applies to all Appalachian faculty, staff, students, vendors and visitors who access Institutional Data. This policy is not meant to address the release of Institutional Data under public records laws or other legal requirements, such as in response to subpoenas or court orders.


== Definitions  ==
== Definitions  ==


=== Information Resources ===
=== Information Resources ===
:Information resources are information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information.
:All devices, services, networks and other resources and technology related to the transaction of University business, regardless of form or location, that are owned, provided, or administered by or through the University, or used to electronically store, process, or transmit information.


=== Institutional Data ===
=== Institutional Data ===
:Institutional data is data that originates in an academic or administrative system, and data contained within the University data warehouse.
:All data, regardless of physical form or characteristic, made or received in connection with the transaction of University business that is in the possession or control of the University.


=== Information Technology ===
=== Information Technology (IT) ===
:Information technology is the hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s information resources.
:The hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information Technology is a subset of the University’s Information Resources.


=== Information Technology Governance ===
=== Enterprise IT Services and Applications ===
:Information technology governance are the policies, standards, structures, processes, and guidance established to ensure that the University’s information technology supports the mission, goals, and objectives of the University; that information technology and information resources are managed in accordance with standards and policies; and that risks and threats to information technology and information resources are appropriately and effectively identified and addressed.  IT governance encompasses the planning, prioritization, funding, evaluation, auditing, and security of information technology and information resources at the University.
:Information Technology solutions that support functions critical to the University’s mission.  Enterprise IT Services and Applications are generally accessed by more than one University department; are supported by central, distribution and functional IT units; and are described in Appalachian’s IT Service Catalog.


=== Periodic ===
=== Information Technology (IT) Governance ===
:Periodic means occurring at a frequency deemed appropriate based on an on-going assessment of associated risks.
:The policies, standards, structures, processes, and guidance established to ensure that the University’s Information Resources supports the mission, goals, objectives, and regulatory requirements as established by UNC System policies, federal and state law and regulation, and University policies.


=== Information Technology Policies ===
=== Information Technology (IT) Standards ===
:IT Policies are University policies that articulate the University’s values, principles, strategies, and positions relative to Information Technology.
:Documented principles that establish requirements and processes that provide a reliable basis for shared expectations on how the University will comply with Information Technology related University policies, as well as federal and state laws and regulations.


=== Information Technology Standards ===
=== Information Technology (IT) Guidelines ===
:IT Standards are documentation that establish requirements and/or processes that provide a reliable basis for shared expectations on how work will be conducted, and facilitate compliance with University policies, applicable laws and regulations.
:Documented guidelines for recommended best practices to streamline processes, reduce risk, and adhere to Information Technology Governance. IT Guidelines are recommended best practices approved by the Chief Information Officer and are not mandatory.


=== Information Technology Guidelines ===
=== Information Technology (IT) Projects ===
:IT Guidelines are documentation that recommends practices to streamline processes and/or reduce risk.  IT guidelines are not mandatory.
:Temporary endeavors to introduce new Appalachian IT Services, as well as implement significant changes to existing Appalachian IT Services.
 
=== Information Technology Projects ===
:IT Projects are temporary endeavors to 1) introduce new campus applications, services, IT policies and standards, and 2) implement significant changes to existing infrastructure, applications and enterprise systems, policies and standards.


== Policy and Procedure Statements  ==
== Policy and Procedure Statements  ==


=== Information Technology Governance Program ===
=== Information Technology Governance Program ===
'''4.1.1 IT Governance Program'''
The Chancellor vests the Chief Information Officer with the authority and responsibility to oversee and implement Appalachian’s IT Governance Program (the “Program”). The purpose of the Program is to develop consistent planning, prioritizing, funding, evaluating, and auditing of Information Resources and Information Technology.
The Program shall consist of Appalachian’s Department of Information Technology Services (ITS) and decentralized Information Technology units and staff throughout the University.
The goals and objectives of the Program are to:
<ol>
<li style="list-style-type: lower-alpha">adhere to the requirements of this policy;</li>
<li style="list-style-type: lower-alpha">assist the University with meeting the requirements of federal and state law, UNC System policy, and University policies;</li>
<li style="list-style-type: lower-alpha">identify and manage risks and threats to Information Resources;</li>
<li style="list-style-type: lower-alpha">innovate and adopt new processes, services, and systems to fulfill the University’s mission and protect Institutional Data and systems; and</li>
<li style="list-style-type: lower-alpha">collaboratively review any IT audit findings and develop remediation plans.</li>
</ol>
'''4.1.2 Policies, Standards, and Guidelines'''
The Chief Information Officer is required to establish IT policies and procedures to meet the goals and objectives of the IT Governance Program. The sources of authority to meet these objectives include:


4.1.1 In alignment and compliance with UNC Policy 1400.1, the Chancellor vests the Chief Information Officer with the authority and responsibility to oversee an IT governance program that includes central and distributed information technology units and staff for consistent planning, prioritizing, funding, evaluating, and auditing of information resources and technology in order to meet:
<ol>
#Internal and external requirements for the protection of institutional data and systems, and
<li style="list-style-type: lower-alpha">Information Technology Policies, as identified in the Appalachian Policy Manual;</li>
#The need to innovate and adopt new processes and systems to fulfill the University’s mission.
<li style="list-style-type: lower-alpha">IT Standards; and</li>
<li style="list-style-type: lower-alpha">IT Guidelines.</li></ol>


4.1.2 The IT governance program includes IT policies, IT standards and IT guidelines that apply to all University units and staff.
Impacted campus entities, including, at minimum, the IT Implementation Group and the IT Board of Directors will review proposed policies and standards.
#Policies and/or standards including, but not limited, to Information Security, Data Management, Risk Management, Encryption, Disaster Recovery, Software and Hardware standards, Acquisition of IT consulting and contracting services, Networking, Wireless Technologies, and personal devices will be developed and maintained as part of the IT governance program.
#Impacted campus entities, including, at minimum, the IT Implementation Group and the IT Board of Directors will review proposed IT policies and standards.


4.1.3 Effective coordination and communication within and among IT units, IT staff, and campus is a critical success factor of IT governance.
The Chief Information Officer, in conjunction with the IT Executive Council, IT Board of Directors, and IT Implementation Group, will develop reports of IT Projects, share relevant information to campus through outreach and website publications, and solicit campus feedback as needed. IT Standards and IT Guidelines will be posted on a website managed by ITS.
#The Chief Information Officer, in conjunction with the IT Executive Council, IT Board of Directors, and IT Implementation Group, will develop a quarterly report of IT projects and share relevant information to campus through outreach and website publications.  
#Information regarding new and revised IT policies, standards, and guidelines will be maintained on an IT website.  


=== Roles and Responsibilities ===
'''4.1.3 Annual Governance Improvement Plan'''


4.2.1 The Chancellor and Chancellor’s Cabinet shall be responsible for:
IT Governance will follow an implementation cycle that supports increasing maturity in IT Governance through annual governance improvement plans. The Chief Information Officer will work with IT Governance Groups and the campus community to: (1) annually assess progress on the University’s IT Governance implementation, and (2) develop IT Governance recommendations and annual action plans to improve IT Governance and University risks.
#Providing guidance concerning institutional risk tolerance levels.
#Periodically reviewing the University’s IT Governance program.


4.2.2 The Chief Information Officer shall be responsible for:
'''4.1.4 Annual Review'''
#Developing, implementing and overseeing the IT governance program that encompasses distributed, central and functional IT units and staff.
#Requesting the Chancellor’s approval of IT policies.
#Developing, approving, and enforcing IT standards and guidelines based on recommendations from IT governance groups and the Chief Information Security Officer.
#Directing the periodic review of policies, standards and procedures to identify gaps and develop action plans to address gaps.
#Periodically reviewing and updating IT governance principles, guidelines and standards to ensure effective operation of the IT governance program.
#Publishing information about the University’s IT governance program.  This information will include membership, policies, standards, and high impact projects, on a University website for the sake of transparency and to promote business and IT synergy.
#Identifying exceptions that are inconsistent with IT Governance principles, standards and correcting deficiencies.


4.2.3 The IT Executive Council is comprised of leadership from each University division and serves as a forum to discuss IT issues, resources, and challenges.  The IT Executive Council is responsible for the following:
The Chancellor and the Chancellor’s Cabinet shall be responsible for annually reviewing the IT Governance Program, action plans to improve IT Governance, as well as reviewing and providing guidance concerning risks identified by the Chief Information Officer.
#Recommending changes to IT policies and standards.
#Providing oversight of the IT governance program and reviewing exceptions that are inconsistent with IT Governance principles and standards.
#Reviewing and approving IT standards identified by the Chief Information Officer to have a significant institutional impact. 
#Approving a prioritization model for evaluating IT projects.
#Making strategic project decisions regarding funding, risk and business process changes.
#Reviewing, advising and accepting a quarterly report of IT projects.  


4.2.4 The IT Governance Board of Directors is comprised of directors of central and distributed IT units, representation from the Faculty Senate, and divisional Directors and/or Associate Vice Chancellors with significant numbers of IT employees.  The IT Governance Board of Directors shall be responsible for the following:
=== IT Governance Groups ===
#Reporting and recommending IT projects, reviewing prioritization of IT projects, and accepting a quarterly report of IT projects.
#Reviewing and advising on IT policy and standards.
#Approving operational changes with limited campus impact, and approving Technical Advisory Groups.
#Functioning as the governance liaison to their respective areas or division.  As a divisional/unit governance liaison, the IT Governance Board of Directors members will:
##share information regarding significant new and ongoing divisional/unit information technology efforts in order to encourage collaboration and shared service agreements, and ensure that efforts are strategically aligned with institutional goals and risk mitigation efforts, and
##disseminate information regarding IT Board of Directors efforts within their division /unit.


4.2.5 The IT Implementation Group is comprised of managers and IT staff within central, distributed and key functional areas. The IT Implementation Group shall be responsible for:
'''4.2.1 IT Governance Groups''' are responsible for providing recommendations and assisting with IT Governance as identified below. The IT Governance Groups consist of:
#Recommending standards, guidelines, projects and procedures to ensure the effective and efficient use of IT.
<ol>
#Reviewing proposed technology changes, IT projects, IT policies, standards and guidelines for impact, feasibility, resource needs, and developing implementation plans.
<li style="list-style-type: lower-alpha">IT Executive Council;</li>
#Advising on the development of a quarterly project report of IT projects.
<li style="list-style-type: lower-alpha">IT Governance Board of Directors;</li>
<li style="list-style-type: lower-alpha">IT Implementation Group; and</li>
<li style="list-style-type: lower-alpha">Technical Advisory Groups.</li>
</ol>


4.2.6 Technical Advisory Groups are University committees, councils and working groups that focus on assuring that information resources and technology needs are met to support an aspect of the University mission. The Chief Information Officer, or delegate, provides information on IT projects and initiatives to Technical Advisory Groups on a quarterly basis to coordinate governance to fulfill the University’s mission. Technical Advisory Groups shall be responsible for:
'''4.2.2 IT Executive Council'''
#Requesting IT projects to meet institutional needs.
 
This IT Executive Council (“Council”) serves to discuss IT issues, resources, and challenges.  The Chancellor appoints members of the Council. The Council is responsible for:
<ol>
<li style="list-style-type: lower-alpha">Recommending changes to IT policies and standards;</li>
<li style="list-style-type: lower-alpha">Providing oversight of the IT Governance program and reviewing exceptions that are inconsistent with IT Governance principles and standards;</li>
<li style="list-style-type: lower-alpha">Reviewing IT Standards identified by the Chief Information Officer;</li>
<li style="list-style-type: lower-alpha">Approving a prioritization model for identifying an order of importance for evaluating IT Projects based on institutional needs;</li>
<li style="list-style-type: lower-alpha">Making strategic project decisions regarding funding, risk and business process changes; and</li>
<li style="list-style-type: lower-alpha">Reviewing reports of IT Projects.</li>
</ol>
 
'''4.2.3 IT Governance Board of Directors'''
 
The IT Governance Board of Directors (“Board of Directors”) is comprised of directors of central and distributed IT units, representation from the Faculty-Senate, and divisional directors and associate vice chancellors with specific IT resource needs. In consultation with the IT Executive Council, the Chief Information Officer appoints members to the Board of Directors. The Board of Directors are responsible for:
<ol>
<li style="list-style-type: lower-alpha">Reporting and recommending IT projects;</li>
<li style="list-style-type: lower-alpha">Reviewing the IT Service Catalog and designating IT services and applications as Enterprise IT Services and Applications;</li>
<li style="list-style-type: lower-alpha">Recommending the introduction, improvement and retirement of Enterprise IT Services and Applications based on value, costs and supportability;</li>
<li style="list-style-type: lower-alpha">Reviewing and advising on IT policy and standards, including IT policy and standard exemptions;</li>
<li style="list-style-type: lower-alpha">Approving operational changes with limited campus impact, as identified by the Chief Information Officer;</li>
<li style="list-style-type: lower-alpha">Approving the designation of University committees, councils and advisory groups as Technical Advisory Groups; and</li>
<li style="list-style-type: lower-alpha">Functioning as the governance liaison to their respective areas or division.</li>
</ol>
 
 
'''4.2.4 IT Implementation Group'''
 
The IT Implementation Group is comprised of managers and IT staff within central, distributed and key functional areas. In consultation with the Appalachian IT leadership, the Chief Information Officer appoints members to the IT Implementation Group which is responsible for:
<ol>
<li style="list-style-type: lower-alpha">Recommending IT Standards, guidelines, IT projects, and changes to our Enterprise IT Services and Applications to ensure the effective and efficient use of Information Resources;</li>
<li style="list-style-type: lower-alpha">Reviewing proposed technology changes, IT projects, and IT policies, standards and guidelines for impact, feasibility, and resource needs; and</li>
<li style="list-style-type: lower-alpha">Developing implementation plans for IT Projects and IT changes.</li></ol>
 
'''4.2.5 Technical Advisory Groups'''
 
Existing University committees, councils and working groups may be designated as a Technical Advisory Group by the IT Governance Board of Directors. These groups with a Technical Advisory Group designation are typically self-organized, ITS directed, or University assigned technology groups created to assist the University with incorporating Information Resources across campus, or meeting legal or regulatory requirements. The Chief Information Officer, or delegate, may provide information on IT Projects and initiatives to Technical Advisory Groups to coordinate IT Governance to fulfill the University’s mission. Technical Advisory Groups shall be responsible for requesting IT Projects to meet institutional needs.
 
=== Policy Implementation and Compliance ===
 
The Chancellor has delegated authority and oversight for the administration and implementation of this policy to the Chief Information Officer. The Chief Information Officer shall be responsible for:
<ol>
<li style="list-style-type: lower-alpha">the development, management, and enforcement of University policies and standards to assist the Appalachian community with complying with this policy;</li>
<li style="list-style-type: lower-alpha">seeking recommendations from IT Governance Groups and the Chief Information Security Officer, identified in [[Information Security Policy|Appalachian Policy 903 – Information Security Policy]]; and</li>
<li style="list-style-type: lower-alpha">conducting the periodic review, revisions, and updates of policies, standards and guidelines to identify risks, and develop action plans to improve IT Governance and the effective operation of the Program.</li>
</ol>


4.2.7 The Data Stewards Council is comprised of University employees with planning and management responsibility for defined institutional datasets.  The Data Stewards Council shall be responsible for:
#Overseeing the development and maintenance of standards needed to ensure the consistent treatment of institutional data as well as periodically reviewing and reporting on the effectiveness of University data management practices.
#Ensuring that the management of individual data sets conforms to relevant University policies and stewards.
#Coordinating and resolving stewardship issues and data definitions of data elements that cross multiple functional units.


== Additional References ==
== Additional References ==
#[https://policy.appstate.edu/Information_Security_Policy Information Security Policy]
:[[Data_Governance|Appalachian Policy 902 - Data Governance Policy]]  
#[https://security.appstate.edu/sites/security.appstate.edu/files/datamanagementstandard.pdf Data Management Standard]
:[[Information Security Policy|Appalachian Policy 903 - Information Security Policy]]
#[https://security.appstate.edu/sites/security.appstate.edu/files/riskmanagementstandard.pdf Information Security Risk Management Standard]
:[[Identity and Access Management Policy|Appalachian Policy 905 - Identity and Access Management Policy]]
#[https://security.appstate.edu/sites/security.appstate.edu/files/secure_data_handling_standard_-_v1.1_final.pdf Secure Data Handling Standards]
:[[Acceptable Use of Computing and Electronic Resources Policy|Appalachian Policy 906 - Acceptable Use Policy]]
#[https://policy.appstate.edu/General_Web_Standards IT Policy, Standards and Guidelines Website]


== Authority ==
== Authority ==
:[https://www.northcarolina.edu/apps/policy/index.php?tab=policy_manual UNC Policy Manual 1400.1 - Information Technology Governance]   
:[https://www.northcarolina.edu/apps/policy/index.php UNC Policy Manual 1400.1 - Information Technology Governance]   
:[https://www.northcarolina.edu/apps/policy/index.php?tab=policy_manual UNC Policy Manual 1400.2 - Information Security]
:[https://its.appstate.edu/it-governance/it-policy-standards-guidelines IT Policy, Standards and Guidelines Website]
 


== Contact Information ==
== Contact Information ==
 
:The Office of the Chief Information Officer - (828)262-6278


== Original Effective Date ==
== Original Effective Date ==
:January 29, 2019


== Revision Dates ==
== Revision Dates ==
:December 10, 2020
[[Category:Contents]]
[[Category:Information Technology]]

Latest revision as of 12:24, 14 December 2020

Policy 901

Introduction

The needs of the University Information Resources continually evolve as new challenges, opportunities, and technologies emerge. The purpose of this policy is to define an Appalachian State University (“Appalachian”) Information Technology (“IT”) Governance program that ensures IT solutions are strategically aligned with institutional goals to minimize risk to the University.

Scope

This policy applies to all Appalachian faculty, staff, students, vendors and visitors who access Institutional Data. This policy is not meant to address the release of Institutional Data under public records laws or other legal requirements, such as in response to subpoenas or court orders.

Definitions

Information Resources

All devices, services, networks and other resources and technology related to the transaction of University business, regardless of form or location, that are owned, provided, or administered by or through the University, or used to electronically store, process, or transmit information.

Institutional Data

All data, regardless of physical form or characteristic, made or received in connection with the transaction of University business that is in the possession or control of the University.

Information Technology (IT)

The hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information Technology is a subset of the University’s Information Resources.

Enterprise IT Services and Applications

Information Technology solutions that support functions critical to the University’s mission. Enterprise IT Services and Applications are generally accessed by more than one University department; are supported by central, distribution and functional IT units; and are described in Appalachian’s IT Service Catalog.

Information Technology (IT) Governance

The policies, standards, structures, processes, and guidance established to ensure that the University’s Information Resources supports the mission, goals, objectives, and regulatory requirements as established by UNC System policies, federal and state law and regulation, and University policies.

Information Technology (IT) Standards

Documented principles that establish requirements and processes that provide a reliable basis for shared expectations on how the University will comply with Information Technology related University policies, as well as federal and state laws and regulations.

Information Technology (IT) Guidelines

Documented guidelines for recommended best practices to streamline processes, reduce risk, and adhere to Information Technology Governance. IT Guidelines are recommended best practices approved by the Chief Information Officer and are not mandatory.

Information Technology (IT) Projects

Temporary endeavors to introduce new Appalachian IT Services, as well as implement significant changes to existing Appalachian IT Services.

Policy and Procedure Statements

Information Technology Governance Program

4.1.1 IT Governance Program

The Chancellor vests the Chief Information Officer with the authority and responsibility to oversee and implement Appalachian’s IT Governance Program (the “Program”). The purpose of the Program is to develop consistent planning, prioritizing, funding, evaluating, and auditing of Information Resources and Information Technology.

The Program shall consist of Appalachian’s Department of Information Technology Services (ITS) and decentralized Information Technology units and staff throughout the University.

The goals and objectives of the Program are to:

  1. adhere to the requirements of this policy;
  2. assist the University with meeting the requirements of federal and state law, UNC System policy, and University policies;
  3. identify and manage risks and threats to Information Resources;
  4. innovate and adopt new processes, services, and systems to fulfill the University’s mission and protect Institutional Data and systems; and
  5. collaboratively review any IT audit findings and develop remediation plans.

4.1.2 Policies, Standards, and Guidelines

The Chief Information Officer is required to establish IT policies and procedures to meet the goals and objectives of the IT Governance Program. The sources of authority to meet these objectives include:

  1. Information Technology Policies, as identified in the Appalachian Policy Manual;
  2. IT Standards; and
  3. IT Guidelines.

Impacted campus entities, including, at minimum, the IT Implementation Group and the IT Board of Directors will review proposed policies and standards.

The Chief Information Officer, in conjunction with the IT Executive Council, IT Board of Directors, and IT Implementation Group, will develop reports of IT Projects, share relevant information to campus through outreach and website publications, and solicit campus feedback as needed. IT Standards and IT Guidelines will be posted on a website managed by ITS.

4.1.3 Annual Governance Improvement Plan

IT Governance will follow an implementation cycle that supports increasing maturity in IT Governance through annual governance improvement plans. The Chief Information Officer will work with IT Governance Groups and the campus community to: (1) annually assess progress on the University’s IT Governance implementation, and (2) develop IT Governance recommendations and annual action plans to improve IT Governance and University risks.

4.1.4 Annual Review

The Chancellor and the Chancellor’s Cabinet shall be responsible for annually reviewing the IT Governance Program, action plans to improve IT Governance, as well as reviewing and providing guidance concerning risks identified by the Chief Information Officer.

IT Governance Groups

4.2.1 IT Governance Groups are responsible for providing recommendations and assisting with IT Governance as identified below. The IT Governance Groups consist of:

  1. IT Executive Council;
  2. IT Governance Board of Directors;
  3. IT Implementation Group; and
  4. Technical Advisory Groups.

4.2.2 IT Executive Council

This IT Executive Council (“Council”) serves to discuss IT issues, resources, and challenges. The Chancellor appoints members of the Council. The Council is responsible for:

  1. Recommending changes to IT policies and standards;
  2. Providing oversight of the IT Governance program and reviewing exceptions that are inconsistent with IT Governance principles and standards;
  3. Reviewing IT Standards identified by the Chief Information Officer;
  4. Approving a prioritization model for identifying an order of importance for evaluating IT Projects based on institutional needs;
  5. Making strategic project decisions regarding funding, risk and business process changes; and
  6. Reviewing reports of IT Projects.

4.2.3 IT Governance Board of Directors

The IT Governance Board of Directors (“Board of Directors”) is comprised of directors of central and distributed IT units, representation from the Faculty-Senate, and divisional directors and associate vice chancellors with specific IT resource needs. In consultation with the IT Executive Council, the Chief Information Officer appoints members to the Board of Directors. The Board of Directors are responsible for:

  1. Reporting and recommending IT projects;
  2. Reviewing the IT Service Catalog and designating IT services and applications as Enterprise IT Services and Applications;
  3. Recommending the introduction, improvement and retirement of Enterprise IT Services and Applications based on value, costs and supportability;
  4. Reviewing and advising on IT policy and standards, including IT policy and standard exemptions;
  5. Approving operational changes with limited campus impact, as identified by the Chief Information Officer;
  6. Approving the designation of University committees, councils and advisory groups as Technical Advisory Groups; and
  7. Functioning as the governance liaison to their respective areas or division.


4.2.4 IT Implementation Group

The IT Implementation Group is comprised of managers and IT staff within central, distributed and key functional areas. In consultation with the Appalachian IT leadership, the Chief Information Officer appoints members to the IT Implementation Group which is responsible for:

  1. Recommending IT Standards, guidelines, IT projects, and changes to our Enterprise IT Services and Applications to ensure the effective and efficient use of Information Resources;
  2. Reviewing proposed technology changes, IT projects, and IT policies, standards and guidelines for impact, feasibility, and resource needs; and
  3. Developing implementation plans for IT Projects and IT changes.

4.2.5 Technical Advisory Groups

Existing University committees, councils and working groups may be designated as a Technical Advisory Group by the IT Governance Board of Directors. These groups with a Technical Advisory Group designation are typically self-organized, ITS directed, or University assigned technology groups created to assist the University with incorporating Information Resources across campus, or meeting legal or regulatory requirements. The Chief Information Officer, or delegate, may provide information on IT Projects and initiatives to Technical Advisory Groups to coordinate IT Governance to fulfill the University’s mission. Technical Advisory Groups shall be responsible for requesting IT Projects to meet institutional needs.

Policy Implementation and Compliance

The Chancellor has delegated authority and oversight for the administration and implementation of this policy to the Chief Information Officer. The Chief Information Officer shall be responsible for:

  1. the development, management, and enforcement of University policies and standards to assist the Appalachian community with complying with this policy;
  2. seeking recommendations from IT Governance Groups and the Chief Information Security Officer, identified in Appalachian Policy 903 – Information Security Policy; and
  3. conducting the periodic review, revisions, and updates of policies, standards and guidelines to identify risks, and develop action plans to improve IT Governance and the effective operation of the Program.


Additional References

Appalachian Policy 902 - Data Governance Policy
Appalachian Policy 903 - Information Security Policy
Appalachian Policy 905 - Identity and Access Management Policy
Appalachian Policy 906 - Acceptable Use Policy

Authority

UNC Policy Manual 1400.1 - Information Technology Governance
IT Policy, Standards and Guidelines Website


Contact Information

The Office of the Chief Information Officer - (828)262-6278

Original Effective Date

January 29, 2019

Revision Dates

December 10, 2020