Information Technology Governance Policy: Difference between revisions
(→Scope) |
|||
Line 14: | Line 14: | ||
== Definitions == | == Definitions == | ||
=== | === Information Resources === | ||
: | :Information resources are information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information. | ||
=== Institutional Data === | |||
:Institutional data is data that originates in an academic or administrative system, and data contained within the University data warehouse. | |||
=== Information Technology === | |||
:Information technology is the hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s information resources. | |||
=== Information Technology Governance === | |||
:Information technology governance are the policies, standards, structures, processes, and guidance established to ensure that the University’s information technology supports the mission, goals, and objectives of the University; that information technology and information resources are managed in accordance with standards and policies; and that risks and threats to information technology and information resources are appropriately and effectively identified and addressed. IT governance encompasses the planning, prioritization, funding, evaluation, auditing, and security of information technology and information resources at the University. | |||
=== Periodic === | |||
:Periodic means occurring at a frequency deemed appropriate based on an on-going assessment of associated risks. | |||
=== Information Technology Policies === | |||
:IT Policies are University policies that articulate the University’s values, principles, strategies, and positions relative to Information Technology. | |||
=== Information Technology Standards === | |||
:IT Standards are documentation that establish requirements and/or processes that provide a reliable basis for shared expectations on how work will be conducted, and facilitate compliance with University policies, applicable laws and regulations. | |||
=== Information Technology Guidelines === | |||
:IT Guidelines are documentation that recommends practices to streamline processes and/or reduce risk. IT guidelines are not mandatory. | |||
=== Information Technology Projects === | |||
:IT Projects are temporary endeavors to 1) introduce new campus applications, services, IT policies and standards, and 2) implement significant changes to existing infrastructure, applications and enterprise systems, policies and standards. | |||
== Policy and Procedure Statements == | == Policy and Procedure Statements == |
Revision as of 14:38, 30 January 2019
Policy 916
Introduction
Appalachian State University’s Information Technology Services (IT) and information resource needs continually evolve as new challenges, opportunities, and technologies emerge. The University adopts this policy to:
- Align our IT governance objectives and comply with the University of North Carolina Information Technology Governance Policy, 1400.1;
- Designate the Chief Information Officer as the position responsible for overseeing the information technology governance program and ensuring the establishment and proper implementation and operation of the information technology governance program framework and principles across all areas of campus IT;
- Outline an IT governance program that ensures information technology solutions are cost effective, strategically aligned with institutional goals, and identify and minimize risk to the institution;
- Encourage information technology collaboration and shared service agreements between the University Information Technology units and staff, and where appropriate, between and among, University of North Carolina institutions and the System Office; and
- Ensure the objectives, information, and standards established within this policy have a broad campus distribution and adoption across all areas of campus IT.
Scope
2.1 This policy applies to all Appalachian State University employees, students, and affiliates.
Definitions
Information Resources
- Information resources are information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information.
Institutional Data
- Institutional data is data that originates in an academic or administrative system, and data contained within the University data warehouse.
Information Technology
- Information technology is the hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s information resources.
Information Technology Governance
- Information technology governance are the policies, standards, structures, processes, and guidance established to ensure that the University’s information technology supports the mission, goals, and objectives of the University; that information technology and information resources are managed in accordance with standards and policies; and that risks and threats to information technology and information resources are appropriately and effectively identified and addressed. IT governance encompasses the planning, prioritization, funding, evaluation, auditing, and security of information technology and information resources at the University.
Periodic
- Periodic means occurring at a frequency deemed appropriate based on an on-going assessment of associated risks.
Information Technology Policies
- IT Policies are University policies that articulate the University’s values, principles, strategies, and positions relative to Information Technology.
Information Technology Standards
- IT Standards are documentation that establish requirements and/or processes that provide a reliable basis for shared expectations on how work will be conducted, and facilitate compliance with University policies, applicable laws and regulations.
Information Technology Guidelines
- IT Guidelines are documentation that recommends practices to streamline processes and/or reduce risk. IT guidelines are not mandatory.
Information Technology Projects
- IT Projects are temporary endeavors to 1) introduce new campus applications, services, IT policies and standards, and 2) implement significant changes to existing infrastructure, applications and enterprise systems, policies and standards.