policy development at georgetown: directory enabled applications (and not) charles f. leonhardt...
TRANSCRIPT
Policy Development at Georgetown: Directory Enabled
Applications(and not)
Charles F. Leonhardt
[email protected] CSG Winter Meeting Sanibel Harbour, FloridaJanuary 11, 2002
Brief History
Seven Years Ago: No Formal IT Policies– University IT Functions too
decentralized– Nine Internal Service Providers– Five, count ‘em, five “CIOs”
Burning Need for Acceptable Use PolicyOne Year to DevelopOne Year for Faculty Senate to debate
and approve
The last 5 Years: many needs for new and revised policiesComputer Systems Acceptable Use Policy More “global” policies, such as privacy
and security More “functional” policies such as domain
naming (e.g. Upenn.georgetown.edu was requested!)
The major focus for today: Conducting Business over the Internet
Policy Overview
Computer Systems Acceptable Use Policy• Approved: 1996• Application: Campus-wide• Audience: all students, faculty, staff,
affiliates, alumni
• Ancillary Policy: Policy For System and Network Administrators
• Action: needs review and revision in view of “Internet explosion” and new technologies
Policy Overview
Related Policies (Global)Privacy Policy
• Need to provide a University philosophy and umbrella policy to guide existing departmental privacy policies (Med School, Registrar, Registrar, Library, etc.)
• http://www.georgetown.edu/policy/privacy/ (out of date and needs revision)
Security Policy • External auditor and Board of Directors
mandated (being revised – a VERY long process)
Policy Overview
Related Policies (Global) Intellectual Property and Technology
Transfer• Revision under review
Electronic Resources Access Policy• Who can use Georgetown’s online resources? • In Development
Copyright• Needs review and updating
Policy Overview
Related Policies (Functional)E-Mail retention policy
• Face the realities of purging email
Software Licensing and Acquisition Policy
• More formally prohibit software copying and support licensing
Naming policy• Philosophy for naming subdomains, servers, etc.
Off-campus Equipment and Data Access• companion to HR “work at home” policy
A New Policy Process
Articulate a clear, concise rationale for the establishment of the policy
Name a process ownerEstablish the working groupEstablish a timelineDetermine whether interim policy is
neededEstablish the approval processList all other (potentially) affected policies
Policies Done in 2001
Internet (Web) Business Policy– Philosophy– Guidelines for Departments Selling
Goods and ServicesWeb Advertising PolicyE-Mail distribution policy
– Voluntary and Involuntary mailing lists
– An “interim” policy
Policy Development: 2002
Account ManagementDirectory and Attribute Use Policy
– (e.g. Calculation of Primary Affiliation)
Identification & Authentication Policy– Very complex and urgently needed
Policies being contemplated:• B2B• Vendor Compliance Policy
A Common Solution?
We are not uniquePolicy situations are not uniqueA more formalized common repository
of policy drafts for:– Directory driven applications– Cross-institution authentication and
authorization– “Global” issues
More Information
University Policy Information:http://www.georgetown.edu/policy
Technology Policy Information:http://www.georgetown.edu/uis/policy
University Policy Search Engine:http://data.georgetown.edu/policy
Copies of Policy Drafts Not Yet Published: